Ethics & Law Part 2 Flashcards

(11 cards)

1
Q

True or False: IT and InfoSec do not have binding codes of ethics

A

True

2
Q

What are some professional organizations for information security professionals?

A

ACM, ISACA, ISSA, SANS GIAC, EC-Council, (ISC)^2

3
Q

What are the Ten Commandments of Computer Ethics?

A
  1. Do not use a computer to harm other people.
  2. Do not interfere with other people’s computer work.
  3. Do not snoop around in other people’s computer files.
  4. Do not use a computer to steal.
  5. Do not use a computer to bear false witness.
  6. Do not copy or use proprietary software for which you have not paid.
  7. Do not use other people’s computer resources without authorization or proper
    compensation.
  8. Do not appropriate other people’s intellectual output.
  9. Think about the social consequences of the program you are writing or the system
    you are designing.
  10. Always use a computer in ways that ensure consideration and respect for your
    fellow humans.
4
Q

What are examples of some ethical differences across cultures?

A

Different cultures may have different views on what is ethical

5
Q

True or False: Employees must be trained and kept aware of the expected behaviors of an ethical employee

A

True

6
Q

What are the three general causes of unethical and illegal behavior?

A
  1. Ignorance
  2. Accident
  3. Intentional
7
Q

What is the best method for preventing illegal or unethical activity?

A

Deterrence (like technical controls, policies, laws)

8
Q

What are the functions of the Department of Homeland Security (DHS)?

A
  • Protect the citizens as well as the physical and informational assets of the United States.
  • US-CERT provides mechanisms to report phishing and malware.
  • CISA – offers services to government, industry, and private sector
9
Q

What is the U.S. Secret Service?

A

Protective services; charged with safeguarding the nation’s financial infrastructure and payments system to preserve integrity of economy

10
Q

What is the FBI?

A
  • Primary law enforcement agency that investigates traditional crimes and
    cybercrimes.
  • Key priorities include computer/network intrusions, identity theft, and fraud
  • FBI’s National InfraGard Program:
    1) Maintains an intrusion alert network
    2) Maintains a secure Web site for communication about suspicious activity or intrusions
    3) Sponsors local chapter activities
    4) Operates a help desk for questions
11
Q

What is the National Security Agency (NSA)?

A
  • The nation’s cryptologic organization
  • Responsible for signal intelligence and information assurance (security)
  • Information Assurance Directorate (IAD) is responsible for the protection of systems that
    store, process, and transmit information of high national value.