Kohlton White
ITS 370

Chapter 3: Legal, Ethical, and Professional Issues in Information Security

Exercises

1. What does CISSP stand for? Use the Internet to identify the ethical rules CISSP holders have agreed to follow.

CISSP stands for Certified Information Systems Security Professional.

Code of Ethics Canons:

        Protect society, the common good, necessary public trust and confidence, and the infrastructure.

        Act honorably, honestly, justly, responsibly, and legally.

        Provide diligent and competent service to principals.

        Advance and protect the profession.

2. For what kind of information security jobs does the NSA recruit? Use the Internet to visit its Web page and find out.

The NSA is hiring for experienced and entry-level positions for Intelligence Analyst and Cryptanalysis Development.

Case Exercises

1. Should Iris have approached Henry directly, or was the hotline the most effective way to take action? Why do you think so?

The hotline is the best way to handle this kind of situation because Iris doesn't have the authority to do anything, and by confronting Henry, all she would do is inform him that she knows, which would give him time to destroy as much evidence as possible and put herself in danger if he decides to take physical action against her. The best thing to do is to use the hotline because it should record the call, so it'll be on record, and get a supervisor or manager involved right away.

2. Should Gladys call the legal authorities? Which agency should she call?

It really depends on the situation. I would say no in this case because once she contacts her superiors on this matter, they will take the flash drive and conduct their own investigation. Also, since Iris obtained the flash drive, Jill doesn't have access to any of the leaked information and so she won't make the payment. So, at that point in time, the threat isn't over, but it'll change things. Henry (and/or Jill) will either chicken out because someone else has the flash drive and it won't be hard to trace it back to him, or he'll need more time to gather the sample data again. But this all depends on Jill and how long it takes her to respond to the situation and contact Henry.

3. Do you think this matter needs to be communicated elsewhere inside the company? Who should be informed and how? How about outside the company?

At that point in time, this needs to remain an internal affair, and management needs to know what's going on. Iris shouldn't mention this to anyone that's not a supervisor or manager because they don't have any authority, and if Henry or Jill overhear what's going on, they'll start to panic and destroy the evidence.

 

Ethical Decision Making

It seems obvious that Henry is doing something wrong. Do you think Henry acted in an ethical manner? Did Iris act in an ethical manner by determining the owner of the flash drive? Assuming that this incident took place in the United States, what laws has Henry violated? Suppose Iris had placed the flash drive back at the office coffee station and forgotten the whole thing. Explain why her action would have been ethical or unethical.

Henry's actions were unethical because he was trying to profit off of stealing private and highly sensitive information. The laws that Henry broke are espionage and racketeering. As for Iris, she really didn't do anything unethical, other than looking through someone else's flash drive… but her intent wasn't malicious, and if she had pretended like nothing had ever happened, then she would have endangered everyone. Thus she would have acted unethically and failed to uphold her duty of care.