[Cisspstudy] preambles questions
An.Dang at do.treas.gov
Wed Sep 2 08:58:41 EDT 2009
My answers would be
1) c
2) d
I hope that is correct.
-----Original Message-----
From: cisspstudy-bounces at cccure.org [mailto:cisspstudy-bounces at cccure.org] On Behalf Of cisspstudy-request at cccure.org
Sent: Wednesday, September 02, 2009 5:44 AM
To: cisspstudy at cccure.org
Subject: cisspstudy Digest, Vol 15, Issue 3
Today's Topics:
1. Re: preambles questions (ashley challackal)
2. Re: preambles questions (Jason Marshall)
3. CISSP CBK (Mohamed Halawa (IT Security Officer - ITD RO))
4. Re: preambles questions (Surendra Maurya)
----------------------------------------------------------------------
Message: 1
Date: Wed, 2 Sep 2009 09:05:12 +0530
From: ashley challackal <challackal.ashley at gmail.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] preambles questions
Message-ID:
<fa38cbb10909012035o6df68059t49dd7ea8e8a559e8 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Answers are
a)
b)
In the first scenario it is any security professional's responsibility to act
to mitigate, not to exploit the gap.
On Tue, Sep 1, 2009 at 7:30 PM, Vardhan, Aditya {PI} <
aditya.vardhan at intl.pepsico.com> wrote:
> Pl share the correct answers,
> I think these are,
> 1- a
> 2 -b
>
> -----Original Message-----
> From: cisspstudy-bounces at cccure.org
> [mailto:cisspstudy-bounces at cccure.org] On Behalf Of An.Dang at do.treas.gov
> Sent: Tuesday, September 01, 2009 5:49 PM
> To: cisspstudy at cccure.org
> Subject: Re: [Cisspstudy] preambles questions
>
> I have a few questions that are in the "gray area" of things. I have
> the answers (maybe) but want to know what the group thinks.
>
> Using ISC(2) preambles as guides, answer these questions:
>
> 1) A visiting professor is assigned to work in a university computing
> center. He found a hole in a financial transaction program that would
> enable one to collect students' social security numbers, last names, and
> other personally identifiable information. He quietly collected the
> information into a computer file and gave the file to the system
> administrator on his last day.
> a) The professor was unethical. He should have disclosed the hole right
> away.
> b) There is nothing unethical with what he did. He did not give the
> information to anyone else.
> c) Though he did nothing unethical, the professor should have disclosed
> the information because ISC(2) preambles stated responsibility to the
> public first.
> d) None of the above. ISC(2) ethics were observed.
>
> 2) An analyst for an anti-virus software company is assigned to test a
> new product. He developed an automated program to generate multiple
> instances of a computer virus with varying signatures. He wants to use
> it to test the new anti-virus software the company is going to publish.
> a) He should not use it. It is illegal to create a virus.
> b) There is nothing wrong with using it since it is contained in a test
> lab and would never get out to the Internet.
> c) It is unethical to develop something that would potentially harm the
> public.
> d) It is part of his job. It is completely ethical.
>
--
with love
ashley challackal
------------------------------
Message: 2
Date: Wed, 2 Sep 2009 09:01:33 +0100
From: "Jason Marshall" <JasonM at lbm.co.uk>
To: "The CISSP Study Mailing list" <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] preambles questions
Message-ID:
<9717403E82B40542ADBD07E4D28102EC684AE3 at LBMEVS01.lbm-solution.com>
Content-Type: text/plain; charset="iso-8859-1"
I agree with the 1st question but why would the answer to the second be (b)?
IMO there is nothing unethical about cloning a virus but stating it would never leave the test lab ... how can you be sure of that? (Isn't that how some viruses get out in the first place, à la "The Creeper Virus" of 1971?)
Testing AV software would involve introducing known and unknown viruses for the software to detect and I would have thought then the answer would be (d).
Can someone help me understand why it would be (b) and not (d) please?
Jason
------------------------------
Message: 3
Date: Wed, 2 Sep 2009 10:49:53 +0200
From: "Mohamed Halawa (IT Security Officer - ITD RO)"
<Mohamed.Halawa at EGYPT.NBAD.com>
To: "The CISSP Study Mailing list" <cisspstudy at cccure.org>
Subject: [Cisspstudy] CISSP CBK
Message-ID:
<10778E0BBE71DA45ACCB10860D91D2F4566A6F at EGTBE001.EGYPT.NBAD.COM>
Content-Type: text/plain; charset="us-ascii"
Dears,
I have started to study from Shon Harris v.4, and I have reserved a seat
in the exam next February 2010. From your experience, will the CISSP CBK
change in 2010? Or can I just study the changes if they are few?
Please advise
Thanks & Best Regards
Mohamed Halawa
------------------------------
Message: 4
Date: Wed, 2 Sep 2009 15:12:29 +0530
From: Surendra Maurya <Surendra.Maurya at motilaloswal.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] preambles questions
Message-ID:
<D48FC3422DE87445B4D903F81A091E7016C11FE687 at EXCHG-MBOX.most.com>
Content-Type: text/plain; charset="us-ascii"
1st question's answer is a.
2nd is d because unless and until new software is tested with tools, it cannot be signed off.
Thanks and Regards,
Surendra Maurya
Office: (022) 30801161
Mobile: (+91) 9004023530
End of cisspstudy Digest, Vol 15, Issue 3
*****************************************