Josh Waring

ITS 370 Hmwk #3

Shin Ping Tucker



What does CISSP stand for?

CISSP is an acronym for “Certified Information Systems Security Professional”, which is an independent information security certification granted by the International Information System Security Certification Consortium.

What ethical rules do CISSP holders follow?

According to,  the ethical rules CISSP holders adhere to are as follows:

1)     Protect society, the commonwealth, and the infrastructure

2)     Act honorably, honestly, justly, responsibly and legally

3)     Provide diligent and competent service to principals

4)     Advance and protect the profession


What kind of Information Security jobs does the NSA offer?

The NSA offers a wide variety of information security positions, including Network Manager, Security Information Specialist, Signals Analyst, Information System Security Professional, Cyber Mitigations Engineer, Capabilities Watch Officer, etc.



Case Exercises-Discussion Questions

1)     I think Iris did the right thing by contacting the company’s hotline instead of approaching Henry.  Henry may have become agitated when confronted, and could have potentially destroyed evidence or harmed Iris in some way.  Iris did the right thing by reporting him directly.

2)     I think that Gladys (or corporate security at SLS) should be in charge of contacting the correct legal authorities.  Gladys should contact the FBI, as it is the primary U.S. law enforcement agency.

3)     I think that the CEO (Fred) and the CISO (Charlie) of SLS should be informed.  The SLS legal team should be informed, as they may need to offer reparations and assistance to clients who have potentially had their information leaked. Outside the company, the people whose information has potentially been exposed should be contacted and SLS should offer them reparations.



Case Exercises-Ethical Decision Making

Henry did not act in an ethical manner, as he violated the confidentiality and trust of SLS clients by offering to sell their information under the table.  Iris should have brought the flash drive to the IT department, as it is a violation of privacy to view someone else’s flash drive (and it may contain confidential information); also, SLS recently banned flash drives, so Iris should have brought it to the IT department for that reason as well.  If Iris had left the flash drive at the coffee station and not reported it, her actions would have been extremely unethical as she is indirectly allowing Henry to disclose confidential client information for personal gain.  Henry violated the Federal Trade Commission Act (FTCA), Fair Credit Reporting Act (FCRA), National Information Infrastructure Protection Act, and potentially other laws regarding information security and disclosure.