For those of you unfamiliar with my opinion on the CISSP, I'm not a huge fan. It's not that I'm against certification per se, it's just that I question the value of the cert and I think ISC^2 is the wrong body to administrate such a cert. I think, for example, that a for-profit entity has an economic incentive to push as many people through the process as possible, thereby lowering the quality of the certification over time. Additionally, I'm of the opinion that CISSP doesn't really do much for the public at large and doesn't do much for practitioners like other professional certifications (CPA, license to practice medicine, etc.); unlike other professional certifications, it doesn't prevent malpractice, it doesn't provide recourse for individuals who have been burned by poor-quality security professionals, etc. At best it's of questionable value; at worst it's a cash-cow for the licensor.
In any event, given my feelings on the topic, I was interested to read that ISC^2 is under investigation for plagiarism in the "Official" CISSP guide. Apparently, an entire chapter in that book has (allegedly) been copied and pasted verbatim into the book from a paper from the American Bar Association. There are (allegedly) additional materials "borrowed" from a number of other sources as well. For those unfamiliar with the CISSP, there is a mandatory code of ethics that accompanies the certification. The following are all entries from the ISC^2 code of ethics:
-Act honorably, honestly, justly, responsibly, and legally.
-To discourage behavior such as... Associating or appearing to associate with criminals or criminal behavior.
-Tell the truth; make all stakeholders aware of your actions on a timely basis.
-Avoid conflicts of interest or the appearance thereof.
-Take care not to injure the reputation of other professionals through malice or indifference.
Is it me, or, in the light of those aspects of the code, is this ISC^2 plagiarism particularly noxious? It's not just the fact that they stole from others - it's the hypocrisy of making other people swear to uphold the code that they violated in an official publication of theirs... on no less than 5 counts.