That is a tough question. Unfortunately I don't know if I have a good answer for you other than "to your own self be true".
If you are in a situation where, ethically, you are being compromised and management of your company is the issue/there is no recourse to the situation then you probably need to remove yourself from it. IE find another job that suites your ethically needs better.
Hope that helps
Well said, in order to stay out of trouble, remove yourself from the situation. Thank you. But I'm not exactly in the situation at the moment.
I'd say ethics, good sense and generally - "do the right thing" type of behavior is what stays beyond security or even law. The component of staying out of trouble is also to be considered of course, but in my opinion if one notices something wrong like conflict of interest, bribery or corruption or even worse - like crime (child pornography, blackmailing etc.) they should act - leaving the company, notifying (maybe anonymously) a regulatory or the appropriate agency. You know what they say - the only reason bad people do crimes is because good people do nothing....
It may sound a bit weird to you but this is human factor - we cannot make anything better if we just stay out of trouble.... - i believe there are delicate ways to contribute in solving a problem and still - stay out of trouble - that's what I believe - should be done.
It appears as though your proposition is rhetorical.
What is the point of governance in an unregulated environment?
What is a “Crime” if there is no law in your environment to convict a transgressor upon?
What is the point of a CISSP in such an organization?
It sounds like you should be running for a political office in your hypothetical country and attempting to enact the laws and regulations as a basis from which to start.
AS a consultant in the Security (Cyber) arena, personal knowledge, experience and integrity are key to credibility. Integrity stems from a firm basis of ethical practices and for me personally there are red lines I will not cross -I have "walked" away on a couple of occasions where it has become evident I was not empowered or provided the appropriate tools to make a difference. This is always a very difficult decision to make and is usually accompanied by a lot of soul searching ("why am I not good enough to fix this"). There are times when the resolution to an issue is not within our control. It is important that we bring these issues to the attention of those who are in a position to make a difference. It is also important that they have a similarly strong ethic background and approach - sadly for some this is not the case, and that then takes us into the world of the whistle-blower and why an environment that allows for this is important to a strong business environment. But, as with all things there are right and wrong ways to go about all of this. Ethics helps us to navigate this dangerous ground and supports us where difficult decisions are called for.