Ch_1
1. The term morality refers to social conventions about right and wrong that are so widely shared that they
become the basis for an established consensus.
2. Ethics is a set of beliefs about right and wrong behavior within a society.
3. Virtues are habits of acceptable behavior.
4. A person who acts with integrity acts in accordance with a personal code of principles.
5. Morals are one’s personal beliefs about right and wrong.
6. Corporate social responsibility is the concept that an organization should act ethically by taking
responsibility for the impact of its actions on the environment, the community, and the welfare of its employees.
7. Supply chain sustainability focuses on developing and maintaining a supply chain that meets the
needs of the present without compromising the ability of future generations to meet their needs.
8. The public reputation of an organization strongly influences the value of its stock, how consumers regard its
products and services, the degree of oversight it receives from government agencies, and the amount of support
and cooperation it receives from its business partners.
9. The corporate ethics officer provides the organization with vision and leadership in the area of
business conduct.
10. Law is a system of rules that tells us what we can and cannot do.
11. Section 406 of the Sarbanes-Oxley Act requires public companies to disclose whether they have
codes of ethics and disclose any waiver to their code of ethics for certain members of senior management.
12. The goal of the Sarbanes–Oxley Act was to renew investor’s.
13. Code of ethics highlights an organization’s key ethical issues and identifies the overarching values and
principles that are important to the organization and its decision-making process.
14. A(n) social audit enables an organization to review how well it is meeting its ethical and social
responsibility goals, and communicate new goals for the upcoming year.
15. Formal ethics training makes employees more aware of a company’s code of ethics and how to apply
it, as well as demonstrates that the company intends to operate in an ethical manner.
16. The most important part of the decision-making process is problem definition.
17. The common good approach to ethical decision making is based on a vision of society as a community
whose members work together to achieve a common set of values and goals.
18. Problem definition is a clear, concise description of the issue that needs to be addressed.
Ch_2
1. A professional is someone who:
a. requires advanced training and experience
b. must exercise discretion and judgment in the course of his or her work
c. does work that cannot be standardized
d. all of the above
2. Although end users often get the blame when it comes to using illegal copies of commercial software, software
piracy in a corporate setting is sometimes directly traceable to members of the IT organization.
3. The mission of the Business Software Alliance is to stop the unauthorized copying of software
produced by its members.
4. Whistle-blowing is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or
dangerous act by a company that threatens the public interest. True or False?
5. Fraud is the crime of obtaining goods, services, or property through deception or trickery.
6. Compliance means to be in accordance with established policies, guidelines, specifications, or legislation.
7. Society expects professionals to act in a way that:
a. causes no harm to society
b. provides significant benefits
c. establishes and maintains professional standards that protect the public
d. all of the above
8. Most organizations have a(n) Internal audit team with primary responsibilities to determine that internal
systems and controls are adequate and effective.
9. ________ is a process that one undertakes voluntarily to prove competency in a set of skills.
a. Licensing
b. Certification
c. Registration
d. all of the above
10. Senior management (including members of the audit committee) has the option of ignoring or suppressing
recommendations of the internal audit committee. True or False?
11. Negligence has been defined as not doing something that a reasonable person would do, or doing
something that a reasonable person would not do.
12. A(n) code of ethics states the principles and core values that are essential to the work of a particular
occupational group.
Ch_3
1. According to the 2010/11 CSI Computer Crime and Security Survey, which of the following was the most
common security incident?
a. being fraudulently misrepresented as a sender of email messages requesting personal information
b. malware infection
c. laptop or mobile hardware theft
d. employees’ abuse of Internet access or email
2. Computer security incidents occur around the world, with personal computer users in developing countries
being exposed to the greatest risk of their computers being infected by malware. True or False?
3. An attack on an information system that takes advantage of a vulnerability is called a(n) exploit.
4. Virtualization software operates in a software layer that runs on top of the operating system and enables
multiple virtual machines each with their own operating system to run on a single computer.
5. The number of new software vulnerabilities identified has steadily increased each year since 2006. True or
False?
6. A(n) zero-day attack takes place before the security community or software developer knows about the
vulnerability or has been able to repair it.
7. Software that generates and grades tests that humans can pass but that all but the most sophisticated
computer programs cannot is called CAPTCHA.
8. Ransomware is a form of malware that, if a user unknowingly downloads it to his or her smartphone, takes
control of the device and its data until the owner agrees to pay a ransom to the attacker.
9. A(n) Distributed denial-of-service attack is one in which a malicious hacker takes over computers via
the Internet and causes them to flood a target site with demands for data and other small tasks.
10. A(n) Trojan horse is malicious code hidden inside a seemingly harmless program.
11. A(n) botnet is a large group of computers controlled from one or more remote locations by hackers, without
the knowledge or consent of their owners.
12. Trustworthy computing is a method of computing that delivers secure, private, and reliable computing
experiences.
13. The process of assessing security-related risks from both internal and external threats to an organization’s
computers and networks is called a(n) risk assessment.
14. The written statement that defines an organization’s security requirements as well as the controls and
sanctions used to meet those requirements is known as a:
a. risk assessment
b. security policy
c. firewall
d. none of the above
15. Implementation of a strong firewall provides adequate security for almost any network. True or False?
16. In a security incident, the primary goal must be to monitor and catch the intruder. True or False?