Tanner Carlson

ITS 370



1.     What does CISSP stand for? Use the Internet to identify the ethical rules CISSP holders have agreed to follow.

The abbreviation CISSP stands for Certified Information Systems Security Professional. CISSPs have to follow the International Information Systems Security Certification Consortium, or (ICS)2. The (ICS)2 is classified into four canons. The first canon is to "protect society, the commonwealth, and the infrastructure." The second canon is to "act honorably, honestly, justly, responsibly, and legally." CISSPs must tell the truth, as well as honor all commitments and agreements. The third canon is to "provide diligent and competent service to principals."  The fourth canon is to "advance and protect the profession."

2.     For what kind of information security jobs does the NSA recruit? Use the Internet to visit its Web Page and find out.

After using the Internet to visit the NSA’s and other webpages, I found that the NSA recruits several types of information security jobs. One position that the NSA recruits for is Computer Network Defense Analyst. A Computer Network Defense Analyst for the NSA “…Uses information collected from a variety of computer network defense resources (including intrusion detection system alerts, firewall and network traffic logs, and host system logs) to identify, analyze and report events that occur or might occur within the technical environment. Other types of security jobs are Computer Network Operator and Logistics Services Officer.

3.     Using the resources in your library, find out what laws your state has passed to prosecute computer crime.

Unfortunately, I could not find the information needed for this question in our school’s library. Luckily, I was able to use the Internet to research what laws the state I live in, Minnesota, has passed to prosecute computer crime. There are three main offences that the Minnesota Computer Crime Statue is specified to prosecute. The Minnesota Computer Crime Statue views computer crime as computer damage, computer theft, and unauthorized computer access. When done with malicious intent, the Minnesota Computer Crime Statue is used to prosecute a suspect.

4.     Using a Web browser, go to www.eff.org. What are the current top concerns of this organization?

Using my favorite Web browser, Google Chrome, I visited the Electronic Frontier Foundations web site (eff.org). Based off of my research, the Electronic Frontier Foundation currently has nine main concerns. The Electronic Frontier Foundations current top nine concerns are; creativity and innovation, free speech, international, privacy, security, spearphishing, phishing, cybersecurity and transparency. On the Electronic Frontier Foundation site, they have many different articles and links to other sources for each of their nine main concerns. The Electronic Frontier Foundation also posts legal cases and FOIA requests to related issues as well.

5.     Using the ethical scenarios presented earlier in this chapter in the Offline feature called “The Use of Scenarios in Computer Ethics Studies,” finish each of the incomplete statements and bring your answers to class to compare them with those of your peers.

1.     The scientist’s failure to acknowledge the computer programmer was most likely not intentional, but most likely unethical. If the scientist credited the programmer in is paper, then I would say that if is borderline unethical not to mention the programmers name in public. The scientist should however public credit the programmer when accepting his awards.

2.     The programmers decision not to point out the design flaws was unethical. She should have at least attempted to tell the small business owner the flaws in the design.

3.     The students action in searching for the loophole was ethical if he was doing it to help better the system. The students action in continuing to access others’ records for two weeks was unethical. The system administrator’s failure to correct the problem sooner was unethical.

4.     The customer’s decision to keep the word-processing program was unethical. The customer should have at least notified the company of the mistake.

5.     The programmer’s modification of the accounting system was unethical. The programmer should mess with an accounting system for her own gain.

6.     The programmer’s weekend use of the company computer was ethical, as long as his employer did not mind.

7.     The students use of the company computer was ethical, as long as the employer did not mind. If the student had done her homework during “company time”, her use of the company computer would have been unethical.

8.     If the student destroyed her copy of the software at the end of the term, her action in copying the software was unethical. If the student forgot to destroy her copy of the software, her action would still be unethical. If the student never intended to destroy the software, her actions would be unethical.

9.     The student’s actions in downloading the games and programs, and sharing them were unethical.

10.  The programmer’s position in this situation is ethical, and the engineer’s position is unethical.

11.  The managers actions were very unethical.

12.  The students action in infecting hundreds of users’ flash drives was unethical, even if it had a message that said “Have a nice day”, and especially if it erased files.