Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning
Expert Solution & Answer
Chapter 6, Problem 1EDM
Explanation of Solution
Executive expressing disagreement with Mike’s approach:
In this scenario, the executive crossed the ethical line, for the reasons given below:
- The executive tried to threaten Mike’s approach by giving some non-specific reasons...
Explanation of Solution
Overt actions taken by Mike:
Yes, Mike must inform others about the conversation, for the following reasons:
- To gain support from others, Mike must tell others about the wrong implementation of the executive...
Explanation of Solution
Actions done by Mike that would not embarrass the other executives:
Without hurting or embarrassing the other executives, Mike could do the following things.
- Mike can conduct a meeting with the same executive to describe each and everything in detail...
Students have asked these similar questions
As Charlie wrapped up the meeting, he ticked off a few key reminders for everyone involved in the asset identification project.
“Okay, everyone, before we finish, please remember that you should try to make your asset lists complete, but be sure to focus your attention on the more valuable assets first. Also, remember that we evaluate our assets based on business impact to profitability first, and then economic cost of replacement. Make sure you check with me about any questions that come up. We will schedule our next meeting in two weeks, so please have your draft inventories ready.”
Will the company get useful information from the team it has assembled? Why or why not?
Have you experienced scope creep in your development of a Risk Management Plan (or other policy)? If so, how did you handle it? If not, what actions would you have taken to control scope creep? (Remember, if you have not personally experienced this situation, please research a company or individual who has dealt with scope creep and provide a brief overview of their situation. Be sure to copy/paste the link from which you retrieved the information)
Suppose Amy Windahl left the kickoff meeting with a list of over 200 assets that needed to be evaluated. When she looked at the amount of effort needed to finish assessing the asset values and their risk evaluations, she decided to “fudge” the numbers so that she could attend a concert and then spend the weekend with her friends. In the hour just before the meeting in which the data was due, she made up some values without much consideration beyond filling in the blanks. Is Amy’s approach to her assignment ethical?
After the kickoff meeting, suppose Charlie had said, “Amy, the assets in your department are not that big of a deal for the company, but everyone on the team has to submit something. Just put anything on the forms so we can check you off the list, and then you will get the bonus being paid to all team members. You can buy me lunch for the favor.”
Is Amy now ethically justified in falsifying her data?
Has Charlie acted ethically by establishing an expected payback for this…
Similar questions
- An outside consultant has been hired to perform a risk analysis for a company. As part of the report, he details the likelihood of certain events occurring, as well as the impact they would have. Which of the following could he use to display this information in his report? a. Impact analysis b. Risk matrix c. Qualitative risk calculation d. Quantitative risk calculation
- I would appreciate it if you could list and quickly describe each of the five different risk management strategies that are available.
- There's an opinion that the board should compensate senior management for helping the firm achieve its goals. It is up to the board of directors to decide on annual incentives depending on the company's share price. Rather than cash, managers will get bonuses in the form of stock, which they may either retain or sell. What are the long-term consequences of this bonus programme?
- Discuss and write a short summary on how to help Chris and the company in managing the risk
- Because NDCP is a membership cooperative, Dunkin' Donuts franchisees are both owners and customers. What might be some advantages to such an ownership structure in terms of getting the support of all stake holders for massive protection as the one NDCP undertook? What might be some disadvantages?
- As a risk manager of an emerging property investment company, you have been asked to conduct a security risk profile. You have already identified a risk register with associated sensitivity. However, your manager would like to have a high-level view of the risk impact categories for the identified resources. Explain to your manager the most common impact categories that should be included in a security profile and the reasons why.
- You have just assumed the position of CISO at MegaCorp (The last CISO was fired). Outline in a memo the strategies and tactics you plan to use to reduce MegaCorp’s residual risk to a tolerable level.
- A recommended approach is that the people assigned to implement a risk management program should begin by studying the models presented earlier in this chapter and identifying what each offers to the envisioned process. Once the organization understands what each risk management model offers, it can adapt one that is a good fit for the specific needs at hand. Which risk control strategy would you consider the most effective and why? When should the strategy be used and why should it not be used for all risks?
- You have been tasked to initiate a risk management program for your company. The CEO has just asked you to succinctly explain the relationship between impact, threat, and vulnerability. Think quick on your feet and give a single sentence that explains the relationship
- When conducting an audit, business risk must be considered. a) Define business risk in the context of an audit and outline various potential sources of risk. b) What is the relationship between business risk and the audit's preliminary analytical procedures? c) When preparing an audit engagement, there are four key areas to consider, each with its own set of sub-areas. Please indicate the four primary regions as well as the relevant sub-parts.
- After reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario. Discussion Questions Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that? How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance? Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?
- Discuss how scenario building can be used as an important tool in risk management. In your answer, show steps that are required to build a scenario.