<HTML dir=ltr><HEAD>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.6000.16890" name=GENERATOR></HEAD>
<BODY>
<DIV id=idOWAReplyText20419 dir=ltr>
<DIV dir=ltr><FONT face=Tahoma color=#000000 size=2>I agree with the 1st question but why would the answer to the second be (b) ?</FONT></DIV>
<DIV dir=ltr><FONT face=Tahoma size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Tahoma size=2>IMO there is nothing unethical about cloning a virus but stating it would <STRONG>never</STRONG> leave the test lab ... how can you be sure of that? (Isn't that how some virus's get out in the first place ala "The Creeper Virus" of 1971?)</FONT></DIV>
<DIV dir=ltr><FONT face=Tahoma size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Tahoma size=2>Testing AV software would involve introducing known and unknown virus's for the software to detect and I would have thought then the answer would be (d).</FONT></DIV>
<DIV dir=ltr><FONT face=Tahoma size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Tahoma size=2>Can someone help me understand why it would be (b) and not (d) please ?</FONT></DIV></DIV>
<DIV dir=ltr><FONT face="Times New Roman" size=3></FONT> </DIV>
<DIV dir=ltr>Jason</DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> cisspstudy-bounces@cccure.org on behalf of ashley challackal<BR><B>Sent:</B> Wed 02/09/2009 04:35<BR><B>To:</B> The CISSP Study Mailing list<BR><B>Subject:</B> Re: [Cisspstudy] preambles questions<BR></FONT><BR></DIV>
<DIV>
<DIV>Answers are </DIV>
<DIV>a) </DIV>
<DIV>b) </DIV>
<DIV>In the first scenario it is any security professionals responsibility to act to mitigate, not to exploit the gap..<BR><BR></DIV>
<DIV class=gmail_quote>On Tue, Sep 1, 2009 at 7:30 PM, Vardhan, Aditya {PI} <SPAN dir=ltr><<A href="mailto:aditya.vardhan@intl.pepsico.com">aditya.vardhan@intl.pepsico.com</A>></SPAN> wrote:<BR>
<BLOCKQUOTE class=gmail_quote style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Pl share the correct answers,<BR>I think these are,<BR>1- a<BR>2 -b<BR>
<DIV>
<DIV></DIV>
<DIV class=h5><BR>-----Original Message-----<BR>From: <A href="mailto:cisspstudy-bounces@cccure.org">cisspstudy-bounces@cccure.org</A><BR>[mailto:<A href="mailto:cisspstudy-bounces@cccure.org">cisspstudy-bounces@cccure.org</A>] On Behalf Of <A href="mailto:An.Dang@do.treas.gov">An.Dang@do.treas.gov</A><BR>Sent: Tuesday, September 01, 2009 5:49 PM<BR>To: <A href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</A><BR>Subject: Re: [Cisspstudy] preambles questions<BR><BR>I have a few questions that are in the "gray area" of things. I have<BR>the answers (maybe) but want to know what the group thinks.<BR><BR>Using ISC(2) preambles as guides, answers these questions:<BR><BR>1) A visiting professor is assigned to work in a university computing<BR>center. He found a hole in a financial transaction program that would<BR>enable one to collect students' social security numbers, last names, and<BR>other personally identifiable information. He quietly collected the<BR>information into a computer file and gave the file to the system<BR>administrator on his last day.<BR>a) The professor was unethical. He should have disclosed the hole right<BR>away.<BR>b) There is nothing unethical with what he did. He did not give the<BR>information to anyone else.<BR>c) Though he did nothing unethical, the professor should have disclosed<BR>the information because ISC(2) preambles stated responsibility to the<BR>public first.<BR>d) None of the above. ISC(2) ethics were observed.<BR><BR>2) An analyst for an anti-virus software company is assigned to test a<BR>new product. He developed an automated program to generate multiple<BR>instances of a computer virus with varying signatures. He wants to use<BR>it to test the new anti-virus software the company is going to publish.<BR>a) He should not use it. It is illegal to create virus.<BR>b) There is nothing wrong with using it since it is contained in a test<BR>lab and would never get out to the Internet.<BR>c) It is unethical to develop something that would potentially harm the<BR>public.<BR>d) It is part of his job. It is completely ethical.<BR><BR><BR><BR>_______________________________________________<BR>cisspstudy mailing list<BR><A href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</A><BR><A href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target=_blank>http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</A><BR><BR>_______________________________________________<BR>cisspstudy mailing list<BR><A href="mailto:cisspstudy@cccure.org">cisspstudy@cccure.org</A><BR><A href="http://cccure.org/mailman/listinfo/cisspstudy_cccure.org" target=_blank>http://cccure.org/mailman/listinfo/cisspstudy_cccure.org</A><BR></DIV></DIV></BLOCKQUOTE></DIV><BR><BR clear=all>
<DIV></DIV><BR>-- <BR>with love <BR><BR>ashley challackal<BR></DIV><img src="http://bde.listmanagementportal.com/signature/signature.jpg">
<br>
<br>
<B><SPAN style="FONT-FAMILY: 'Tahoma','sans-serif'; COLOR: #1f497d; FONT-SIZE: 9pt"><A title=http://www.nxtbook.com/nxteu/LBM/intelligentcontact1/#/0
href="http://www.nxtbook.com/nxteu/LBM/intelligentcontact1/#/0">Click here to
read the latest LBM Industry Newsletter</A></SPAN></B>
<br>
<br>
This e-mail has been sent from a PC belonging to LBM, registered office LBM House, Atlantic Street, Altrincham, Cheshire, WA14 5FY. Its contents are confidential to the sender and the intended recipient.
If you receive it in error, please tell us by return and then delete it from your system; you may not rely on its contents nor copy/disclose it to anyone.
Opinions, conclusions and statements of intent in this e-mail are those of the sender and will not bind LBM unless confirmed by an authorised representative independently of this message. We do not accept responsibility for viruses; you must scan for these.
Please note that e-mails sent to and from LBM are routinely monitored for record keeping, quality control and training purposes, to ensure regulatory compliance and to prevent viruses and unauthorised use of our computer systems.
Thank you for your co-operation.
</BODY></HTML>