[Cisspstudy] preambles questions

ashley challackal challackal.ashley at gmail.com
Tue Sep 1 23:35:12 EDT 2009 

Answers are
a)
b)
In the first scenario it is any security professionals responsibility to act
to mitigate, not to exploit the gap..

On Tue, Sep 1, 2009 at 7:30 PM, Vardhan, Aditya {PI} <
aditya.vardhan at intl.pepsico.com> wrote:

> Pl share the correct answers,
> I think these are,
> 1- a
> 2 -b
>
> -----Original Message-----
> From: cisspstudy-bounces at cccure.org
> [mailto:cisspstudy-bounces at cccure.org] On Behalf Of An.Dang at do.treas.gov
> Sent: Tuesday, September 01, 2009 5:49 PM
> To: cisspstudy at cccure.org
> Subject: Re: [Cisspstudy] preambles questions
>
> I have a few questions that are in the "gray area" of things.  I have
> the answers (maybe) but want to know what the group thinks.
>
> Using ISC(2) preambles as guides, answers these questions:
>
> 1) A visiting professor is assigned to work in a university computing
> center.  He found a hole in a financial transaction program that would
> enable one to collect students' social security numbers, last names, and
> other personally identifiable information.  He quietly collected the
> information into a computer file and gave the file to the system
> administrator on his last day.
> a) The professor was unethical.  He should have disclosed the hole right
> away.
> b) There is nothing unethical with what he did.  He did not give the
> information to anyone else.
> c) Though he did nothing unethical, the professor should have disclosed
> the information because ISC(2) preambles stated responsibility to the
> public first.
> d) None of the above.  ISC(2) ethics were observed.
>
> 2) An analyst for an anti-virus software company is assigned to test a
> new product.  He developed an automated program to generate multiple
> instances of a computer virus with varying signatures. He wants to use
> it to test the new anti-virus software the company is going to publish.
> a) He should not use it.  It is illegal to create virus.
> b) There is nothing wrong with using it since it is contained in a test
> lab and would never get out to the Internet.
> c) It is unethical to develop something that would potentially harm the
> public.
> d) It is part of his job.  It is completely ethical.
>
>
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>



-- 
with love

ashley challackal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20090902/59f309d2/attachment.html>

More information about the cisspstudy mailing list