Xiaoling Wu

ITS 370

Ch 4 Homework



2. Search the Web for security education and training programs in your area. Keep a list and see which category has the most examples. See if you can determine the costs associated with each example. Which do you think would be more cost-effective in terms of both time and money?


Examples will vary over time. For security professionals, education would be more effective because it would give them the background to learn security principles and the ability to apply them in real-world situations. Training, on the other hand, would be specific to a particular product or topic in information security and would have a limited scope. Training would be beneficial to people who administer a specific type of system, but it would not give them the background needed to make plans for an organization’s information security as a whole.

While courses and training programs are offered in all areas, there does seem to be a greater focus on incident response. On average, these programs seem more expensive than security awareness training programs. Security training would be more cost-effective than education in terms of time and money.


5. Classify each of the following occurrences as an incident or disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play.


a.   This occurrence would be considered an incident unless the deleted files were crucial to the continuation of the business and it was unprepared (in other words, it had no backups for the files). Without file backups, the occurrence would be considered a disaster.

b.   This occurrence would be considered a disaster.

c.   This occurrence would be considered a disaster in which business continuity plans would be called into play.

d.   This occurrence would be considered a disaster in which business continuity plans would be called into play.

e.   If the server could not be replaced in an acceptable amount of time, this occurrence would be considered a disaster. Depending on the nature of the business, business continuity plans could be called into play.


Case Exercises:

Charlie sat at his desk the morning after his nightmare. He had answered the most pressing e-mails in his inbox and had a piping hot cup of coffee at his elbow. He looked down at a blank legal pad, ready to make notes about what to do in case his nightmare became reality.


Discussion Questions:

1.      What would be the first note you wrote down if you were Charlie?

 Answer: The first note I would have written down if I were Charlie is to create a system to back up the company's data. This should be a system that is invested in from the start and that provides consistent updates that can keep up with technology and regularly back up data.


2.      What else should be on Charlie’s list?

 Answer: Charlie should invest fully in the technology brand of the company, buying warranties and insurance to protect the company in case of incidents in which equipment is destroyed, and backing up company information to protect it from potential threats that could affect the organization.


3.      Suppose Charlie encountered resistance to his plans to improve continuity planning. What appeals could he use to sway opinions toward improved business continuity planning?

 Answer: Continuity planning is like insurance. By preventing issues before they begin, SLS can potentially save millions in data, recovery costs, and time. Much like having fire drills prepare people for dangerous emergencies, continuity planning helps a company prepare and keep its data safe.



Ethical Decision Making:


The policies that organizations put in place are similar to laws, in that they are directives for how to act properly. Like laws, policies should be impartial and fair, and are often founded on ethical and moral belief systems of the people who create them.

In some cases, especially when organizations expand into foreign countries, they experience a form of culture shock when the laws of their new host country conflict with their internal policies. Suppose that SLS has expanded its operations in France. Setting aside any legal requirements that SLS make its policies conform to French law, does SLS have an ethical imperative to modify its policies to better meet the needs of its stakeholders in the new country?


Answer: Yes, SLS must have an ethical imperative to change its policies according to the laws and ethics of the new country, because each country has its own ethics and laws based on its economic conditions, culture, etc. Because SLS has set up its operation center in that country, it must follow that country's rules.


Suppose SLS has altered its policies for all operations in France and that the changes are much more favorable to employees—such as a requirement to provide child and elder-care services at no cost to the employee. Is SLS under any ethical burden to offer the same benefit to employees in its original country?


 Answer: Yes, of course, SLS will have an ethical burden if it offers the same benefit to the employees. Also, it is bare to set ethical rules of one country in another country, because each country will have its own rules. In this situation, the change is more beneficial to the employees; the employees obviously benefit from it, but the company will spend money from its profits in this case. If less profit is generated, the company will go into financial crisis. Also, if the company sets up its operation center in some other country, the amount generated for the organization there will be different from the amount generated in our country. So, the final opinion is that it is an ethical burden on the company.