Practice: Ethics for Cybersecurity Professionals

Multiple choice exercise

1. You work for a hospital as a security analyst. One day, you log into your work computer and see a ransom note displayed on your screen. Access to files and applications is locked. You realize this is a ransomware attack.

• Initiate a counter-attack

• Use a self-developed decryptor tool to stop the attack

• Immediately contact your supervisor

• Contact government agencies for assistance

1. A doctor you work with claims to have laptop performance issues, so you try to identify the problem. As you’re working, you notice the doctor’s laptop has unsecured patient files visible on-screen instead of within the medical practice’s secure software.

• Immediately secure the patient files

• Submit a formal complaint to Health and Human Services

• Publicly shame the doctor for not following proper procedure

• Assume the doctor knows about the issue and do nothing

1. You work for a medical device company as an entry-level security analyst. Your supervisor has asked you to securely dispose of old developer laptops, and tells you they may contain PII (personally identifiable information).

• Take the laptops home and perform a factory reset

• Dispose of the laptops without properly erasing all the data

• Store the laptops in an area designated for old equipment

• Remove the laptop and irreversibly erase all data

1. You work as an entry-level analyst for a pharmaceutical company. You receive SIEM tool alerts about unusual employee activity. You check their account activity and observe them copying confidential files to an external folder linked to an unknown destination.

• Confront the user directly regarding non-compliance with internal ethical standards

• Tell your supervisor and take no other action

• Follow provided procedures to address the issue

• Report the incident to the company's security personnel