2. Search the web for security education and training programs in your area. Keep a list and see which category has the most examples. See if you can determine the costs associated with each example. Which do you think would be more cost effective in terms of both time and money?

Some of the programs in my area include:

- Computer Systems Networking and Telecommunications, cost roughly $12,000

- Computer Science programs, cost roughly $10,000

- ITS programs, cost roughly $8,000

The most cost effective program for security education would be an ITS program. There are certificates for different security programs, but they aren’t as well accepted as a degree. 6

3. Search the web for examples of issues-specific security policies. What types of policies can you find? Using the format provided in this chapter, draft a simple issue specific policy that outlines fair and responsible use of computers at your college, based on the rules and regulations of your institution. Does your school have a similar policy? Does it contain all the elements listed in the text?

Some polices are:

-          Responsible use of Wireless Internet at home.

-          USDA Information Systems Security Policy

-          Responsible storage policy

Policy: Students must use at least 12 characters with symbols and numbers in their password. Students must sign out of the computers when they are done using them.

Practice: University of Wisconsin Madison recommends the following:

-          Use a password length of at least 12 characters

-          Do not save password to the computer.

-          Use different numbers and symbols

-          Have a way to reset the password that has a different password.

Procedures:

1.      Log in create a password that is long enough with numbers and symbols.

2.      Have a backup account linked with different password then the new one. This allows you to reset if you need to.

3.      Do not save the password.

The school’s policy raises awareness of information security and how to prevent possible threats.

Discussion Questions

1.      What would be the first note you wrote down if you were Charlie?

The first thing to right down would be the policies on emergency situations. What to do if a data breach happens or a natural disaster or how they handle a security problem in the building. These policies would be the most important thing.

2.      What else should be Charlie’s list?

Some things that Charlie should list besides that are:

-          The security plans of the company

-          Any policy dealing with procedures to follow

-          The procedure for going up the chain of command and when to do so.

-          Any insurance and medical information the company has

3.      Suppose Charlie encountered resistance to his plans to improve continuity planning. What appeals could he use to sway opinions toward improved business continuity planning?

Charlie will have to convince the company that having business continuity planning could effectively stop issues before they even happen. This will save the company a lot of effort and money. It will also keep the company’s data safe from any threats. He would be able to convince them if he explained how it benefits the company in the long run.

Ethical Decision Making

Does SLS have an ethical imperative to modify its policies to better meet the needs of its stakeholders in the new country?

Yes, different cultures have different ethical and moral values. Some policies that worked before wont work in the new country. The new policies will have to align with the ethical values of the new country.

Suppose SLS has altered its policies for all operations in France and that the changes are much more favorable to employees such as a requirement to provide child and elder care services at no cost to the employee. Is SLS under any ethical burden to offer the same benefit to employees in its original country?

They are offering it to the new company. The policy should be implemented in the original country also. If they don’t do this there isn’t a company policy, just regional policies.