Paul Shaw

2/14/20

ITS 370

Chapter 3

Exercises

            4. Using a Web browser, go to www.eff.org. What are the current top concerns of this organization?

                        The people at EFF are currently concerned with defending free speech online, stopping illegal surveillance, supporting freedom enhancing technology, and allowing people to use and create as they please, on top of their initial privacy and freedom of use from their inception.

1.    What does CISSP stand for? Use the internet to identify the ethical rules CISSP holders have agreed to follow.

CISSP stands for Certified Information Systems Security Professional, who have to follow rules of ethics such as; Protect society, the common good, necessary public trust and confidence, and the infrastructure; Act honorably, honestly, justly, responsibly, and legally; Provide diligent and competent service to principals; Advance and protect the profession.

Case Exercises

            Discussion Questions

1.    Should Iris have approached Harry directly? Or was the hotline the most effective way to take action? Why do you think so?

I think the hotline was the most effective way to handle the situation, as taking the matter up with Harry could be incredibly risky. She made the right call, but adding her name to the report added quite a bit of extra work to her day.

2.    Should Gladys call the legal authorities? Which agency should she call?

Gladys should call the NSA as this is a breach of information security.

3.    Do you think this matter needs to be communicated elsewhere inside the company? Who should be informed and how? How about outside the company?

Outside the company, the NSA should be involved, inside the company, security and some higher ups should be notified, but they should probably investigate the matter quietly overall.

            Ethical Decision making

1.    It seems obvious that Henry is doing something wrong. Do you think Henry acted in an ethical manner? Did Iris act in an ethical manner by determining the owner of the flash drive? Assuming this incident took place in the United States, what law or laws has Henry violated? Suppose Iris had placed the flash drive back at the coffee station and forgotten the whole thing. Explain why her action would have been ethical or unethical.

Henry did not act in an ethical manner with his selling of company documents. Iris did act in an ethical manner by attempting to locate the owner of the drive, but did so in an unethical way by accessing the drive herself. Henry violated the protection of credit information, criminal intent, and access to stored communications laws, I think. Iris would have neither been ethical or unethical if she had left the flash drive on the table, as she had no way of knowing if someone was coming to get It back, and she could just have let someone else access it or take it to lost and found.