Database System Concepts
7th Edition
ISBN: 9780078022159
Author: Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher: McGraw-Hill Education
Question
After reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario.
Discussion Questions
- Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that?
- How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance?
- Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?
Follow-up Question
Ethical Decision Making
- Instead of Charlie being named CISO, suppose instead that Fred hired his son-in-law, an unemployed accountant, to fill the role. Assuming the person had no prior experience or preparation for a job in information security, did Fred make an ethical choice? Explain your answer.
- Suppose that SLS has implemented the policy prohibiting use of personal USB drives at work. Also, suppose that Davey Martinez brought in the USB drive he had used to store last month’s accounting worksheet. When he plugged in the drive, the worm outbreak started again and infected two servers. It’s obvious that Davey violated policy, but did he commit ethical violations as well?