Shortly after the Board of Directors meeting, Charlie was named chief information security officer to fill a new leadership position that reports to the CIO, Gladys Williams. The primary role of the new position is to provide leadership for SLSs efforts to improve its information security profile.

Discussion Questions

1. Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Freds perception change after that?

2. How should Fred measure success when he evaluates Gladys performance for this project? How should he evaluate Charlies performance?

3. Which of the threats discussed in this chapter should receive Charlies attention early in his planning process?

Ethical Decision Making

Instead of Charlie being named CISO, suppose instead that Fred hired his son-in-law, an unemployed accountant, to fill the role. Assuming the person had no prior experience or preparation for a job in information security, did Fred make an ethical choice? Explain your answer.

Suppose that SLS has implemented the policy prohibiting use of personal USB drives at work.

Also, suppose that Davey Martinez brought in the USB drive he had used to store last months accounting worksheet. When he plugged in the drive, the worm outbreak started again and infected two servers. Its obvious that Davey violated policy, but did he commit ethical violations as well?