Shaye Trenda

ITS 370

9/23/2017

Chapter 3 Exercises

1.      What does CISSP stand for? Use the Internet to identify the ethical rules CISSP holders have agreed to follow.

CISSP stands for Certified Information Security Systems Professional. According to CareerTrend.com, there are 4 ethical rules that CISSP holders must follow or they could lose their certification. These rules are to:

1)      Protect society, the commonwealth, and the infrastructure

2)     Act honorably, honestly, justly, responsibly, and legally

3)     Provide diligent and competent service to principals

4)     Advance and protect the profession

(https://careertrend.com/list-7378134-ethical-rules-cissp.html)

2.      For what kind of information security jobs does the NSA recruit? Use the Internet to visit its Web page and find out.

The NSA recruits many kinds of information security jobs. According to the NSA Website, the following lists the different jobs and their description:

·        Computer Network Defense Analyst
Uses information collected from a variety of computer network defense resources (including intrusion detection system alerts, firewall and network traffic logs, and host system logs) to identify, analyze and report events that occur or might occur within the technical environment.

·        Computer Network Operator
Provides time-sensitive mission support by maintaining situational awareness of potential cyber threats. Leverages technical methods to manage, monitor and execute large-scale operations in response to national security requirements.

·        Capabilities Development Specialist
Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems. Detects, identifies and describes specific vulnerabilities in a system, network, component or process. Conducts software and systems engineering and software systems development in order to meet required capabilities.

·        Network Vulnerability Analyst

Identifies vulnerabilities of and potential attacks to the design and operation of network systems by relating vulnerabilities and attacks to effects on operations and missions supported by those systems. Based on this knowledge, develops effective countermeasures to potential threats.

(https://www.intelligencecareers.gov/iccareers.html)

3.      Using the resources in your library, find out what laws your state has passed to prosecute computer crime.

There are many different computer crimes and each of them have their own law. According to Wisconsin Legislature, below are the laws that the State of Wisconsin has in place for prosecution of computer crimes.

“(a) Whoever willfully, knowingly and without authorization does any of the following may be penalized as provided in pars. (b) and (c):

1. Modifies data, computer programs or supporting documentation.

2. Destroys data, computer programs or supporting documentation.

3. Accesses computer programs or supporting documentation.

4. Takes possession of data, computer programs or supporting documentation.

5. Copies data, computer programs or supporting documentation.

6. Discloses restricted access codes or other restricted access information to unauthorized persons.

(am) Whoever intentionally causes an interruption in service by submitting a message, or multiple messages, to a computer, computer program, computer system, or computer network that exceeds the processing capacity of the computer, computer program, computer system, or computer network may be penalized as provided in pars. (b) and (c).

(b) Whoever violates par. (a) or (am) is guilty of:

1. A Class A misdemeanor unless any of subds. 2. to 4. applies.

2. A Class I felony if the offense is committed to defraud or to obtain property.

3g. A Class F felony if the offense results in damage valued at more than $2,500.

3r. A Class F felony if the offense causes an interruption or impairment of governmental operations or public communication, of transportation, or of a supply of water, gas, or other public service.

4. A Class F felony if the offense creates a substantial and unreasonable risk of death or great bodily harm to another.

(c) If a person disguises the identity or location of the computer at which he or she is working while committing an offense under par. (a) or (am) with the intent to make it less likely that he or she will be identified with the crime, the penalties under par. (b) may be increased as follows:

1. In the case of a misdemeanor, the maximum fine prescribed by law for the crime may be increased by not more than $1,000 and the maximum term of imprisonment prescribed by law for the crime may be increased so that the revised maximum term of imprisonment is one year in the county jail.

2. In the case of a felony, the maximum fine prescribed by law for the crime may be increased by not more than $2,500 and the maximum term of imprisonment prescribed by law for the crime may be increased by not more than 2 years.

(3) Offenses against computers, computer equipment or supplies.

(a) Whoever willfully, knowingly and without authorization does any of the following may be penalized as provided in par. (b):

1. Modifies computer equipment or supplies that are used or intended to be used in a computer, computer system or computer network.

2. Destroys, uses, takes or damages a computer, computer system, computer network or equipment or supplies used or intended to be used in a computer, computer system or computer network.

(b) Whoever violates this subsection is guilty of:

1. A Class A misdemeanor unless subd. 2., 3. or 4. applies.

2. A Class I felony if the offense is committed to defraud or obtain property.

3. A Class H felony if the damage to the computer, computer system, computer network, equipment or supplies is greater than $2,500.

4. A Class F felony if the offense creates a substantial and unreasonable risk of death or great bodily harm to another.

(4) Computer use restriction. In addition to the other penalties provided for violation of this section, a judge may place restrictions on the offender's use of computers. The duration of any such restrictions may not exceed the maximum period for which the offender could have been imprisoned; except if the offense is punishable by forfeiture, the duration of the restrictions may not exceed 90 days.

(5) Injunctive relief. Any aggrieved party may sue for injunctive relief under ch. 813 to compel compliance with this section. In addition, owners, lessors, users or manufacturers of computers, or associations or organizations representing any of those persons, may sue for injunctive relief to prevent or stop the disclosure of information which may enable another person to gain unauthorized access to data, computer programs or supporting documentation.”

(https://docs.legis.wisconsin.gov/statutes/statutes/943/III/70/1/c)

4.      Using a Web browser, go to www.eff.org. What are the current top concerns of this organization?

The top concerns of the Electric Frontier Foundation (EFF) are: stopping SESTA (a bill that could be disastrous for free speech online), copyright law vs. internet culture, digital privacy and much more. The whole site is dedicated to concerns within the technology field.

5.      Using the ethical scenarios presented earlier in this chapter in the Offline feature called “The Use of Scenarios in Computer Ethics Studies”, finish each of the incomplete statements.

1.      Not ethical because anyone that helped him should have been acknowledged.

2.      Not ethical because is she knew there were flaws, she should have pointed them out.

3.      A. Not ethical because he was searching for loopholes instead of just doing his own work.

B. Not ethical because he was using other students’ work.

C. Not ethical because the admin probably knew the student was cheating but just didn’t care enough to stop it sooner.

4. Not ethical because he had not paid for the expensive word-processing system (but then again he wasn’t doing anything harmful and who wouldn’t keep it?)

5. Not ethical because she only did it so she wouldn’t have a service charge.

6. Ethical because everyone knew he was using the company’s computer and he wasn’t doing anything wrong.

7. a. Ethical because if she’s working there, she has the right to use the computers

    b. Not ethical because she wasn’t on a break.

8. a. Still not ethical because she had copied the program

     b. Not ethical because the copy is still hers technically

     c. Not ethical because of all the above

9. a. Not ethical because he knew they were pirated

    b. Same as above

    c. Same

10. a. Not ethical because he may have made errors but did not have any liability

      b. Not ethical because he only wanted to hire him for this reason

11. Not ethical (obviously) because she broke into a competitor’s computer system

12. a. Not ethical because they made a virus

      b. Still not ethical because that doesn’t make a difference, it’s still a virus

      c. Still not ethical because it, again, is still a virus that infected many students

 

References

Career Trend. Retrieved on September 23, 2017. https://careertrend.com/list-7378134-ethical-rules-cissp.html

Wisconsin State Legislature. Retrieved on September 23, 2017. https://docs.legis.wisconsin.gov/statutes/statutes/943/III/70/1/c

The United States Intelligence Community Careers. Retrieved on September 23, 2017. https://www.intelligencecareers.gov/iccareers.html