[Cisspstudy] preambles questions

Jason Marshall JasonM at lbm.co.uk
Wed Sep 2 04:01:33 EDT 2009


I agree with the 1st question, but why would the answer to the second be (b)?

IMO there is nothing unethical about cloning a virus, but stating it would never leave the test lab ... how can you be sure of that? (Isn't that how some viruses get out in the first place, à la "The Creeper Virus" of 1971?)

Testing AV software would involve introducing known and unknown viruses for the software to detect, and I would have thought then the answer would be (d).

Can someone help me understand why it would be (b) and not (d), please?
 
Jason

________________________________

From: cisspstudy-bounces at cccure.org on behalf of ashley challackal
Sent: Wed 02/09/2009 04:35
To: The CISSP Study Mailing list
Subject: Re: [Cisspstudy] preambles questions


Answers are
a)
b)
In the first scenario it is any security professional's responsibility to act to mitigate, not to exploit the gap.


On Tue, Sep 1, 2009 at 7:30 PM, Vardhan, Aditya {PI} <aditya.vardhan at intl.pepsico.com> wrote:


	Please share the correct answers,
	I think these are,
	1- a
	2 -b
	

	-----Original Message-----
	From: cisspstudy-bounces at cccure.org
	[mailto:cisspstudy-bounces at cccure.org] On Behalf Of An.Dang at do.treas.gov
	Sent: Tuesday, September 01, 2009 5:49 PM
	To: cisspstudy at cccure.org
	Subject: Re: [Cisspstudy] preambles questions
	
	I have a few questions that are in the "gray area" of things.  I have
	the answers (maybe) but want to know what the group thinks.
	
	Using ISC(2) preambles as guides, answer these questions:
	
	1) A visiting professor is assigned to work in a university computing
	center.  He found a hole in a financial transaction program that would
	enable one to collect students' social security numbers, last names, and
	other personally identifiable information.  He quietly collected the
	information into a computer file and gave the file to the system
	administrator on his last day.
	a) The professor was unethical.  He should have disclosed the hole right
	away.
	b) There is nothing unethical with what he did.  He did not give the
	information to anyone else.
	c) Though he did nothing unethical, the professor should have disclosed
	the information because ISC(2) preambles stated responsibility to the
	public first.
	d) None of the above.  ISC(2) ethics were observed.
	
	2) An analyst for an anti-virus software company is assigned to test a
	new product.  He developed an automated program to generate multiple
	instances of a computer virus with varying signatures. He wants to use
	it to test the new anti-virus software the company is going to publish.
	a) He should not use it.  It is illegal to create a virus.
	b) There is nothing wrong with using it since it is contained in a test
	lab and would never get out to the Internet.
	c) It is unethical to develop something that would potentially harm the
	public.
	d) It is part of his job.  It is completely ethical.
	
	
	
	_______________________________________________
	cisspstudy mailing list
	cisspstudy at cccure.org
	http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
	
	




-- 
with love 

ashley challackal
