ORGANIZATION GUIDELINES AND STANDARDS
Organization 1
SANS Institute is a well-known organization that provides intensive training designed to
help IT security professionals master the practical steps necessary for def
...
ORGANIZATION GUIDELINES AND STANDARDS
Organization 1
SANS Institute is a well-known organization that provides intensive training designed to
help IT security professionals master the practical steps necessary for defending systems
and networks against the most dangerous threats.
SANS Guidelines
One guideline that struck out to me is “I will conduct my business in a manner that
assures the IT profession is considered one of integrity and professionalism.” Furthermore,
not to use availability and access to information for personal gains through corporate
espionage.
Tie to Case Study
Within the case study, Carl Jasper used his position to have other employees create
dummy accounts for the sole purpose of information gathering on outside governments as
well as internal departments including, HR, and finance.
Organization 2
GIAC is also a well-known organization that provides certifications to validate the realworld skills of IT security professionals.
GIAC’s Guidelines
In GIAC’s code of ethics states “The scope and responsibilities of an information security
professional are diverse and afford a great deal of responsibility and trust in protecting the
confidentiality, integrity and availability of an organization’s information assets.”
Tie to Case Study
There are two situations in the case study that go against GIAC’s guidelines. The first is
when Carl Jasper signed a non-disclosure agreement with two companies, and later leaked
that information to the competitors. The second is the lack of safeguarding sensitive and
proprietary information belonging to clients. TechFite did not take the responsibility of
protecting the confidentiality of client information.
This study source was downloaded by 100000831777157 from CourseHero.com on 07-14-2022 23:47:17 GMT -05:00
https://www.coursehero.com/file/98820573/C841-Task-2-1st-submissionpdf/
PAGE 2
BEHAVIORS OF UNETHICAL PRACTICES
Behavior 1
There was a lack of documentation on internal oversight, especially in the BI unit. Within
the BI unit every workstation had full admin rights, there was no principles of least
privilege or separation of duties.
Actors
The first actor in this case is Nadia Johnson, she was the one responsible for providing the
proper documentation and checking for internal vulnerabilities. The second actor is Carl
Jasper as he was the one who was using Nadia Johnson for his own agenda. Nadia helped
Carl by overlooking the internal system.
Practice
This behavior showcases the failure in trust of protecting the organizations information
assets. The actor failed to adhere to the ethical principles of best practices and standards.
Behavior 2
The BI unit used dummy accounts to gain access to groups within their organization,
without proper authorization. They escalated their privileges to gain access to financial
and executive documentation.
Actors
The whole BI unit are the actors here, all employees are IT security professionals, they
should know what is ethical and what is not. Even if a superior is giving the orders.
Practice
This behavior shows that the actors are violating the overall IT security code of ethics.
Protect information of employers, clients, and users.
FACTORS THAT LED TO LAX BEHAVIOR
Factor 1
The first factor that led to lax
[Show More]