1.  Search the Web for security education and training programs in your area. Keep a list and see which category has the most examples. See if you can determine the costs associated with each example. Which do you think would be more cost-effective in terms of both time and money?


-      For security education could be any of the colleges in Superior/Duluth area as they all have different levels of complexity and teaching style. For security training is most an online service around non-main stream cities. So, any training is acceptable but you first would want to know what specifically would like to train in.

-      The most effective would be security education as that more in person examples and provides more opportunities for growth. For money would be a security training but not as effective as in person.


2.  Classify each of the following occurrences as an incident or disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play.


A. A hacker breaks into the company network and delete files from a server.


-      Incident, Recovery plans and backs and review of how they got in. No police


B. A fire breaks out in the storeroom and sets off sprinkles on the floor. Some computers are damaged, but the fire is contained.


-      Disaster, no business continuity plans are needed. Computers, backups, and equipment, fire department and police report.


C. A tornado hits a local power station, and the company will be without power for three to five days.


-      Disaster, business continuity plans are needed. No police. Go to a Hot Site.


D. Employees go on strike, and the company could be without critical workers for weeks.


-      Disaster, no business continuity plans are needed. Police called just to make sure no accidents or damage happens.


E.  A disgruntled employee takes a critical server home, sneaking it out after hours.


-      Incident, Police are called and backups.


Case Exercises

1.  What would be the first note you wrote down if you were Charlie?


-      Insurance of the hardware, test the backup’s regularly, and his circuit specs.


2.  What else should be on Charlie’s list?


-      IRP, DRP, BCP, Hot sites


3.  Suppose Charlie encountered resistance to his plans to improve continuity planning. What appeals could he use to sway opinions toward improved business continuity planning?


-      The risk assessment of location, hardware, and other problems that may occur.


Ethical Decision Making

1.  The polices that organizations put in place are similar to laws, in that they are directions for how to act properly. Like laws, polices should be impartial and fair, and are often founded on ethical and moral belief systems of the people who create them. In some cases, especially when organizations expand into foreign countries, they experience a form of culture shock when the laws of their new host country conflict with their internal policies.

Suppose that SLS has expanded its operations in France. Setting aside any legal requirements that SLS make its policies conform to French law, does SLS have an ethical imperative to modify its policies to better meet the needs of its stakeholders in the new country?


-      Yes, they do as they could help the departments of SLS if they have better security policies and procedures.


2.  Suppose SLS has altered its policies for all operations in France and that the changes are much more favorable to employees—such as a requirement to provide child and elder-care services at no cost to the employee. Is SLS under any ethical burden to offer the same benefit to employees in its original country?


-      Yes, as people may think its unfair but of course life is but people may want this but SLS doesn’t need to unless they decide or the government makes them.