Xiaoling Wu

ITS 370

CH 11 Homework

04/24/20

 

 

Exercises:

 

2. Go to the (ISC)2 Web site at www.isc2.org. Research the knowledge areas included in the tests for the CISSP and SSCP certifications. What areas must you study that are not included in this text?

Answer: CISSP certification candidates must meet the following requirements prior to taking the CISSP examination:

· Subscribe to the (ISC)2 Code of Ethics.

· Have at least three years of direct, full-time security experience in one or more of the 10 test domains of the information systems security Common Body of Knowledge (CBK). Valid experience includes information systems (IS) security work performed as a practitioner, auditor, consultant, vendor, investigator or instructor, or work that requires IS security knowledge and direct application of it.

· CISSP information not covered in this text: Applications and systems development; law, investigation, and ethics; cryptography

SSCP certification candidates must meet the following requirements prior to taking the SSCP examination:

· Subscribe to the (ISC)2 Code of Ethics.

· Have at least one year of cumulative work experience in one or more of the seven test domains in IS security. Valid experience includes information systems security-related work performed as a practitioner or work that requires IS security knowledge and direct application of it.

· SSCP information not covered in this text: Audits and monitoring; cryptography; malicious code and malware

 

3. For each major information security job title covered in the chapter, list and describe the key qualifications and requirements for the position.

Answer: 1. Microsoft Certified Database Administrator (MCDA) 2. Microsoft Certified Solutions Developer (MCSD) 3. Microsoft Certified Application Developer (MCAD) 4. NetScreen

 

Case Exercises

After her meeting with Charlie, Iris returned to her office. When she had completed her daily assignments, she began to make some notes about the information security position Charlie had offered her.

Discussion Questions

1. What questions should Iris ask Charlie about the new job, Kelvin’s team, and the future of the company?

Answer: Iris may ask what special security precautions are necessary when contracting with non-employees.

2. What questions should Iris ask Kelvin about the new job?

Answer: Iris may ask how to provide training to information security staff.

Ethical Decision Making

Suppose that Iris and Kelvin were involved in a romantic relationship, unknown to anyone else in the company. Such a relationship is not against company policy, but married employees are specifically prohibited from being in a direct reporting relationship with each other.

Should Iris inform Charlie about her relationship with Kelvin if she does not plan to apply for the transfer?

If she does apply for the job, but has no current plans for marriage, should she inform Charlie of her relationship?

Answer: The relationship may not be an issue for the company, as most companies are fine with married couples working in the same organization. But if they are in a direct reporting relationship, there will be a conflict of interest. There is a high chance of being more emotional than rational and taking things personally (which may be positive or negative, favorable or unfavorable). Thus it is a case of emotional quotient and professionalism. The company should align them on different verticals or have a different reporting system, which can avoid all possible bias without affecting their professional interests.