<div>Answers are </div>
<div>a) </div>
<div>b) </div>
<div>In the first scenario it is any security professionals responsibility to act to mitigate, not to exploit the gap..<br><br></div>
<div class="gmail_quote">On Tue, Sep 1, 2009 at 7:30 PM, Vardhan, Aditya {PI} <span dir="ltr"><<a href="mailto:aditya.vardhan@intl.pepsico.com">aditya.vardhan@intl.pepsico.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Pl share the correct answers,<br>I think these are,<br>1- a<br>2 -b<br>
<div>
<div></div>
<div class="h5"><br>-----Original Message-----<br>From: <a href="mailto:cisspstudy-bounces@cccure.org">cisspstudy-bounces@cccure.org</a><br>[mailto:<a href="mailto:cisspstudy-bounces@cccure.org">cisspstudy-bounces@cccure.org</a>] On Behalf Of <a href="mailto:An.Dang@do.treas.gov">An.Dang@do.treas.gov</a><br>
Sent: Tuesday, September 01, 2009 5:49 PM<br>To: <a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>Subject: Re: [Cisspstudy] preambles questions<br><br>I have a few questions that are in the "gray area" of things. I have<br>
the answers (maybe) but want to know what the group thinks.<br><br>Using ISC(2) preambles as guides, answers these questions:<br><br>1) A visiting professor is assigned to work in a university computing<br>center. He found a hole in a financial transaction program that would<br>
enable one to collect students' social security numbers, last names, and<br>other personally identifiable information. He quietly collected the<br>information into a computer file and gave the file to the system<br>administrator on his last day.<br>
a) The professor was unethical. He should have disclosed the hole right<br>away.<br>b) There is nothing unethical with what he did. He did not give the<br>information to anyone else.<br>c) Though he did nothing unethical, the professor should have disclosed<br>
the information because ISC(2) preambles stated responsibility to the<br>public first.<br>d) None of the above. ISC(2) ethics were observed.<br><br>2) An analyst for an anti-virus software company is assigned to test a<br>
new product. He developed an automated program to generate multiple<br>instances of a computer virus with varying signatures. He wants to use<br>it to test the new anti-virus software the company is going to publish.<br>
a) He should not use it. It is illegal to create virus.<br>b) There is nothing wrong with using it since it is contained in a test<br>lab and would never get out to the Internet.<br>c) It is unethical to develop something that would potentially harm the<br>
public.<br>d) It is part of his job. It is completely ethical.<br><br><br><br>_______________________________________________<br>cisspstudy mailing list<br><a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br>
<a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br><br>_______________________________________________<br>cisspstudy mailing list<br>
<a href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</a><br><a href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target="_blank">http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</a><br></div>
</div></blockquote></div><br><br clear="all">
<div></div><br>-- <br>with love <br><br>ashley challackal<br>