Chapter 3

Exercise Questions


1.   What does CISSP stand for? Use the Internet to identify the ethical rules CISSP holders have agreed to follow.

The term CISSP stands for Certified Information Systems Security Professional. The ethical rules that CISSP holders have agreed to follow are the following:

         First: Protect society, the common good, necessary public trust and confidence, and the infrastructure.

         Second: Act honorably, honestly, justly, responsibly, and legally.

         Third: Provide diligent and competent service to principles.

         Fourth: Advance and protect the profession.

There also is a preamble to this code that states that the people who have that certification need to adhere and be seen to adhere to this code of ethics, and that they can be terminated if they donít follow it.


2.   For what kind of information security jobs does the NSA recruit? Use the Internet to visit its Web page and find out.

NSA (or National Security Agency) recruits for a wide variety of jobs, here are some of the jobs that they recruit for and that are currently open for application:

         NSA Polygraph Examiner: Helps ensure that only trustworthy individuals receive access to classified information by using structured polygraph examinations (including interviews and interrogations) to obtain information from affiliates that will assist in making adjudicative decisions. They are very important to make sure that important information does not fall into the wrong hands.

         Security Analyst: Helps protect agency personnel, facilities, and missions by collecting, analyzing, synthetizing and collecting data associated with counterintelligence, counterespionage and counterterrorism as it affects agency equities worldwide. These people are important to make sure that the NSA is a place that will not be part of a scandal or a target for people with bad intentions.


3.   Using the resources in your library, find out what laws your state has passed to prosecute computer crime.

In Wisconsin, for a computer crime to be considered as such, the act has to be done willfully, knowingly. They consider offenses against computer data and programs, against computers, computer equipment and supplies to be a class A misdemeanor. Depending on the intention, the class can change:

o   Against computer data and programs:

ß  If offense is to defraud or obtain property: Class I

ß  If damage is more than $2500 or the act causes interruption or impairment of government operations or public utilities or service: Class D

ß  If offense creates risk of death or bodily harm to another: Class F

o   Against computer, computer equipment or supplies

ß  To defraud or obtain property: Class H

ß  If damage is under $2500: Class F

Those laws protect against the following:

         Inference with another personís computer access or use

         Use a computer in a scheme to defraud

         Use of encryption in aid of a crime

         Improper access to a computer, system, or network

         Falsification of e-mail source information



4.   Using a Web browser, go to What are the current top concerns of this organization?

The current to concerns for eff (which stands for Electronic Frontier Foundation) are the following:

         Spearphishing: an email or electronic communications scam targeted towards a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted userís computer.

         Border Surveillance Bill: A federal bill that would dramatically expand dragnet biometric and other surveillance of U.S. citizens and immigrants alike near and at the U.S. border.

         Equifax: The breach that happened a few weeks ago is of big concern for the EFF organization.


5.   Using the ethical scenarios presented earlier in this chapter in the Offline feature called ďThe Use of Scenarios in Computer Ethics Studies,Ē finish each of the incomplete statements and bring your answers to class to compare them with those of your peers.

a)      The scientistís failure to acknowledge the computer programmer was in my opinion a lack of good character. The scientist should have not takin full credit for work the computer programmer helped him do.

b)      The programmerís decision not to point out the design flaw was a poor decision on her part. She could have done better considering her skills and input.

c)      The studentís action in searching for the loophole was good because he was then able to tell the administrator about it. If someone with really bad intention had found out before it was fixed, a lot of people could have been victim of identity theft. The studentís action in continuing to access otherís records for two weeks was highly unethical. The system administratorís failure to correct the problem sooner was a big problem considering the size of a school, you need people with high skill to protect this data.

d)      The customerís decision to keep the word-processing program was unethical.

e)      The programmerís modification of the accounting system was a problem because she is trusted to have access to this kind of things but expected to act ethically upon it and this is not what she did in this situation.

f)       The programmerís weekend use of the company computer was not a problem since there was proof of it, if anything happened it could have been traced back to him.

g)      The studentís use of company computer was not a problem because if it was during her break she was not expected to be working so there is no problem in what she was doing.