To provide awareness of and advocacy for vendor-neutral credentials in information security, privacy, and related IT disciplines. To advance the craft and practice of certification program development and to provide a forum to collaborate on matters of shared concern.
The purpose of the C3 is to provide a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies. That collaboration will result in the advancement of IT careers, a more prepared workforce, greater insight into how these certifications are developed, and how they meet the IT needs for organizations including governments, private enterprises, educational institutions, and the public at large.
A non-exclusive list of collaborative activities is planned to include the following:
- Provide the industry with factual information on how C3 certifications accurately validate knowledge, skills and abilities of the workforce
- Where appropriate, promote a common IT certification message to legislators and government agencies and provide them with accurate information regarding the benefits of these certification programs.
- Identify opportunities for joint projects of the commissioning of 3rd-party research for the advancement of knowledge of vendor-neutral credentials in information security, privacy, and related IT disciplines.
Why Certification Matters - Analysis of the Value of IT Certification
This presentation is based on recent data gathered from C3 member
organizations and explores the value of certification in our industry.
The Cybersecurity Credentials Collaborative (C3) and its member
organizations have adopted A Unified Principles of Professional Ethics in
Cyber Security, adapted from the Unified Framework of Professional Ethics
for Security Professionals, originally set forth by the Security
Professionals Ethics Working Group. In addition to C3 member organizations,
the Unified Principles of Professional Ethics in Cyber Security have also
been formally endorsed by ISSA. ISSA was one of the original
participants in the Security Professionals Ethics Working Group.
- Perform duties honorably, justly and responsibly, in accordance with existing laws, exercising
the highest moral principles
- Act in the best interests of stakeholders
- Refrain from activities that would constitute a conflict of interest
- Report ethical violations to the appropriate governing body in a timely manner.
- Perform all duties in a fair manner and without prejudice
- Exercise professional judgment in order to provide unbiased analysis and advice
- When an opinion is provided, note it as opinion rather than fact
- Respect and safeguard confidential information and exercise due care to prevent improper
- Maintain appropriate confidentiality of proprietary and otherwise confidential information
encountered in the course of professional activities, unless such action would conceal or result
in the commission of a criminal act
Consistent with the Unified Principles of Professional Ethics in Cyber Security which have been adopted by The Cybersecurity Credentials Collaborative (C3) and its member organizations, C3 member organizations are committed to encouraging self-reporting of adjudicated ethics violations by credential holders to the credential holder's employer and to other certifying bodies that have issued credentials to the individual. Also consistent with the Unified Principles of Professional Ethics in Cyber Security, C3 member organizations, as allowed by their respective policies and applicable law, may share results of finally adjudicated ethics violation complaints and the disciplinary measures imposed with other C3 member organizations.
- Perform services diligently and with professionalism
- Render only those services for which you are fully competent and qualified
- Recognize and acknowledge the contributions of others
- Refrain from professional misconduct which would damage the reputation of the profession
- Participate in professional development activities to maintain the skills necessary to function