Kate Rohde

ITS 370

Chapter 3 Homework



1.     What does CISSP stand for? Use the Internet to identify the ethical rules CISSP holders have agreed to follow.

-        First Question: CISSP stands for Certified Information Systems Security Professional.

-        Second Question: There are four canons of ethical rules for a CISSP to follow.

    i.     First Canon: “protect society, the commonwealth, and the infrastructure.” Essentially, this means they have everyone’s best interest at heart and do not allow information to be misused.

    ii.     Second Canon: “act honorably, honestly, justly, responsibly, and legally.” Essentially, be an exemplary/stellar citizen.

    iii.     Third Canon: “provide diligent and competent services to principals.” To have integrity and not have a conflict of personal interests.

    iv.     Fourth Canon: “advance and protect the profession.” By following all the above Canons, they are protecting their job outlook and those around them as well. To be a highly skilled professional to keep the integrity of the profession as well.


2.     For what kind of information security jobs does the NSA recruit? Use the internet to visit its Web page and find out.

-        The different careers in cyber security within the NSA are:

    i.     Computer Network Defense Analyst: To recognize threats, report, and analyze them.

    ii.     Computer Network Operator: Monitors cyber threats and provides support.

    iii.     Capabilities Development Specialist: Researches potential problems in the future within the system. Updates software to keep it up to date and safer.


Case Exercises:


           Discussion Questions:

1.     Should Iris have approached Henry directly, or was the hotline the most effective way to take action? Why do you think so?

-        The hotline was the best way to go. This is a situation for the authorities higher up to address. If she talked to Henry directly, it could be unsafe for her and the problem would most likely not be resolved. Plus, it’s not completely certain that the drive is Henry’s.


2.     Should Gladys call the legal authorities? Which agency should she call?

-        Yes, she should contact the legal authorities, since it’s a severe security breach with social security numbers, credit card numbers, etc. The FBI would be a good agency for her to contact since they are adept at resolving crimes, both physical and cyber.


3.     Do you think this matter needs to be communicated elsewhere inside the company? Who should be informed and how? How about outside the company?

-        All the top officials should be informed, such as the CEO and especially the CISO, since they are the head of information security. They should all be informed in a private setting with all present, perhaps even having the FBI present as well to help address the situation. Every individual whose information was compromised should be informed, along with the government for the SS numbers, and the credit card companies need to be informed right away to cancel the credit cards to avoid theft.


           Ethical Decision Making:


§  It seems obvious that Henry is doing something wrong. Do you think Henry acted in an ethical manner? Did Iris act in an ethical manner by determining the owner of the flash drive? Assuming that this incident took place in the United States, what law or laws has Henry violated? Suppose Iris had placed the flash drive back at the coffee station and forgotten the whole thing. Explain why her action would have been ethical

-        It was absolutely not ethical in the slightest for Henry to do what he did. In all reality, Iris should have never opened the drive. She should have given it to the CISO so they could determine the owner and then get it back to them. She doesn’t have the right to open personal files. What Henry did would be considered a violation of criminal law. He broke the general computer crime laws since it was for his own financial gain. Iris’s action would not have been ethical had she left the flash drive there, as flash drives often contain personal and potentially confidential information, and not taking action can be considered the same as taking poor action or an unethical action.