ITS 370 Chapter 3
1.What does CISSP stand for? Use the Internet to identify the ethical rules CISSP holders have agreed to follow.
CISSP stands for Certified Information Systems Security Professional. CISSP must follow multiple rules which will be listed.
1. Protect Society, the common good, necessary public trust and confidence, and the infrastructure.
2. Act honorably, honestly, justly, responsibly, and legally.
3. Provide diligent and competent service to principles.
2. For what kind of information security jobs does the NSA recruit? Use the Internet to visit its Web page and find out.
Some of the jobs I found on the new NSA site that are related to information security are Intelligence Collection, intelligence Analysis, administrative support, communication and public affairs, and infrastructure and logistics. These are all very important jobs in the NSA and help them make sure their network is secure and allows them to monitor networks and potentially find threatening searches that may be cause for national security to be alarmed.
1.Should Iris have approached Henry directly, or was the hotline the most effective way to act? Why do you think so?
Iris did the correct thing by not approaching Henry directly. Even though it is extremely likely Henry was the culprit you wouldn’t want to risk accusing the wrong person. Secondly, if Henry is the right person you don’t want to make him aware that you know there is wrong doing, he may not be aware the flash drive is out of his possession and this gives him less time to try to cover up any sort of trail. I believe the hotline was the proper approach, Iris could’ve gone to direct management as well.
2.Should Gladys call the legal authorities? Which agency should she call?
Gladys should oversee calling the legal authorities in this situation. She is the CIO of SLS, and this would fall under her jurisdiction. She should contact the FBI in this situation and may also consider contacting the Federal Trade Commission since there was a data privacy breach.
3. Do you think this matter needs to be communicated elsewhere inside the company? Who should be informed and how? How about outside the company?
Within the company I think it is important that the lead in of the data security team is informed, the department manager of the associate, and the board of directors/CEO should be made aware because of the severity of the data breach. This is something the company may be impacted by and needs to be prepared for the consequences. You can alert these parties through a formal meeting. The external people that should be alerted are the law enforcement with jurisdiction over data breaches.
It seems obvious that Henry is doing something wrong. Do you think Henry acted in an ethical manner? Did Iris act in an ethical manner by determining the owner of the flash drive? If this incident took place in the United States, what law or laws has Henry violated? Suppose Iris had placed the flash drive back at the coffee station and forgotten the whole thing. Explain why her action would have been ethical or unethical.
Henry did not act in an ethical matter. He is putting people in harm’s way in order to achieve personal gain and this is very unethical. While Iris ultimately did the right thing because she ended up catching on to Henry’s plot, it isn’t necessarily ethical to go rooting through someone else’s flash drive at random in the way that was described. Henry violated a law of espionage and racketeering. If Iris had placed the flash drive back at the coffee station after seeing the contents she would be acting in an unethical way. She would be allowing people to be harmed by Henry’s illegal transactions.