Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning
Expert Solution & Answer
Chapter 6, Problem 1EDM
Explanation of Solution
Executive expressing disagreement with Mike’s approach:
In this scenario, the executive crossed the ethical line, for the reasons given below:
- The executive tried to threaten Mike’s approach by giving some non-specific reasons...
Explanation of Solution
Overt actions taken by Mike:
Yes, Mike must inform others about the conversation, for the following reasons:
- To gain support from others, Mike must tell others about the wrong implementation of the executive...
Explanation of Solution
Actions done by Mike that would not embarrass the other executives:
Without hurting or embarrassing the other executives, Mike could do the following things:
- Mike can conduct a meeting with the same executive to describe each and everything in detail...
Students have asked these similar questions
Have you experienced scope creep in your development of a Risk Management Plan (or other policy)? If so, how did you handle it? If not, what actions would you have taken to control scope creep? (Remember, if you have not personally experienced this situation, please research a company or individual who has dealt with scope creep and provide a brief overview of their situation. Be sure to copy/paste the link from which you retrieved the information)
Ethical Decision Making
Suppose Amy Windahl left the kickoff meeting with a list of over 200 assets that needed to be evaluated. When she looked at the amount of effort needed to finish assessing the asset values and their risk evaluations, she decided to “fudge” the numbers so that she could attend a concert and then spend the weekend with her friends. In the hour just before the meeting in which the data was due, she made up some values without much consideration beyond filling in the blanks. Is Amy’s approach to her assignment ethical?
After the kickoff meeting, suppose Charlie had said, “Amy, the assets in your department are not that big of a deal for the company, but everyone on the team has to submit something. Just put anything on the forms so we can check you off the list, and then you will get the bonus being paid to all team members. You can buy me lunch for the favor.”
Is Amy now ethically justified in falsifying her data?
Has Charlie acted ethically by establishing an expected payback for this…
Similar questions
- An outside consultant has been hired to perform a risk analysis for a company. As part of the report, he details the likelihood of certain events occurring, as well as the impact they would have. Which of the following could he use to display this information in his report? a. Impact analysis b. Risk matrix c. Qualitative risk calculation d. Quantitative risk calculation
- Your team represents the ERP Design and Development Project for a XYZ hospital. Your company's senior management has requested that you prepare a risk management plan that identifies potential risks and identifies risk management strategies. From the course content and readings, you know that the overall purpose of risk planning is to anticipate possible risk events and be ready to take appropriate action when risk events occur, to eliminate or reduce negative impacts on the project. Following features must be addressed in your risk management strategy:
  - Realistic Assumptions based on the scenario
  - Risk identification (Risk item checklist)
  - Risk projection (developing a risk table and Assessing risk impact)
  - Risk Mitigation and Monitoring plan
- I would appreciate it if you could list and quickly describe each of the five different risk management strategies that are available.
- As a risk manager of an emerging property investment company, you have been asked to conduct a security risk profile. You have already identified a risk register with associated sensitivity. However, your manager would like to have a high-level view of the risk impact categories for the identified resources. Explain to your manager the most common impact categories that should be included in a security profile and the reasons why.
- Because NDCP is a membership cooperative, Dunkin' Donuts franchisees are both owners and customers. What might be some advantages to such an ownership structure in terms of getting the support of all stakeholders for massive protection as the one NDCP undertook? What might be some disadvantages?
- You have just assumed the position of CISO at MegaCorp (The last CISO was fired). Outline in a memo the strategies and tactics you plan to use to reduce MegaCorp’s residual risk to a tolerable level.
- A recommended approach is that the people assigned to implement a risk management program should begin by studying the models presented earlier in this chapter and identifying what each offers to the envisioned process. Once the organization understands what each risk management model offers, it can adapt one that is a good fit for the specific needs at hand. Which risk control strategy would you consider the most effective and why? When should the strategy be used and why should it not be used for all risks?
- You have been tasked to initiate a risk management program for your company. The CEO has just asked you to succinctly explain the relationship between impact, threat, and vulnerability. Think quick on your feet and give a single sentence that explains the relationship.
- Discuss how scenario building can be used as an important tool in risk management. In your answer, show steps that are required to build a scenario.
- What exactly is the meaning of the term "risk management"? Discussing the process of risk management using the graphic is highly recommended.
- You have been tasked to measure the likelihood of different identified risks using the FAIR approach. Based on your experience, you have chosen to focus on the Loss Event Frequency (LEF) factor. Defend your decision by discussing the four fundamental factors related to LEF.
- Provide a rundown of the five different approaches to risk management, along with a concise explanation of each one.