Prepared by Sally Chan, CGEIT, CPA, CMA, ACIS
1. Broadly, machine ethics is a discipline that attempts to address the ethics of artificial intelligence (AI). Attempts to articulate moral dimensions are relatively recent. This leap from computer ethics to machine ethics is necessary due to the elevated status of computers from mere enablers to intelligent collaborators with humans.
2. Mobile computing cannot be seen as an agent with ethical impact. It does not make decisions and is not responsible for the moral dimensions of human behavior.
3. Application (app) development is a regulated market. The degree of app quality assurance does not depend on who provides them.
4. IT and information security practitioners agree that the four pillars that enable sustainable success are governance, process, technology and people. People should be considered the weakest link and the existence of the great digital uninformed (GDU) makes success hard to achieve.
5. The characteristics of GDU behavior that are easy to change include: the shifting boundaries between work and home life, autonomy and independence, and device owners with information security and data protection responsibilities and a lack of personal engagement.
6. A purely white-list style validation allows for false negatives to fall through the cracks in some scenarios. A combination of black-list and white-list styles in production is generally not used.
7. Input/output (I/O) validation goes a long way toward adding a very useful layer of security by ensuring that only well-defined data move across the code. Some of the most notorious security vulnerabilities, such as buffer overflows and injection loopholes, are made exploitable with missing and insufficient validation.
8. It is important to pick well-used and vetted code bases, particularly for cryptography. A well-reputed code base will have an army of people looking for problems with it and an army of people using it who have the incentive to fix it.
9. A Harris Interactive survey sponsored by Fiberlink found that nearly 82 percent of employees are concerned about employers viewing private information on their personal device. Some of the user BYOD privacy concerns include locking, disabling and data wiping, as well as GPS and location information.
10. ISACA's BYOD Audit/Assurance Program is a tool and template to be used as a road map for the completion of a specific assurance process. The BYOD program focuses on risk management, managing device configuration and security, human resources, and training users. BYOD assurance based on the COBIT framework can be part of an organization's overall assurance program by including BYOD and privacy in the scope.
11. The Association of Certified Fraud Examiners (ACFE) has estimated that about 80 percent of all companies around the world experienced some type of fraud in 2012, with total global losses due to fraud exceeding US $3 trillion annually.
12. The goal of a current-state analysis and assessment is to understand the overall fraud capability and health of the organization. The current-state analysis should cover the entire spectrum for the life cycle of fraud prevention, from awareness, understanding, adoption, implementation, operations and enforcement of fraud-relevant policy and procedures, to fraud data analysis, investigation, process improvement, and reporting and development.
13. The IBM capability maturity model is a balanced assessment approach across the critical domains of the enterprise fraud risk management program and processes. It allows organizations to dive into their specific capabilities and further evaluate and determine their current state of fraud prevention as compared to industry best practices.
14. Kotter's eight steps to leading change do not have to be worked through in sequence. Skipping one or more steps to try and accelerate the process would not cause problems.
15. Information security managers need to create a vision and information security strategy to guide information security operations. They must empower all stakeholders to play their role and act on the information security vision.
16. One of the key information security initiatives to establishing a sense of urgency is to nominate information security champions who have the energy and time to champion information security as focus groups in each business unit and all branches.
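Items 6 and 7 contrast black-list (deny-list) and white-list (allow-list) validation. The Python snippet below is an added example written for this quiz page; it is not code from the ISACA Journal article the quiz is based on. The field definitions, the deny-list entries and the sample inputs are all constructed for illustration. It shows a deny-list check being sidestepped by a case variant, by a URL-encoded quote and, even after one round of decoding, by a double-encoded quote, while an allow-list check accepts only the data each field was defined to hold, including a length bound, which is the property that matters against over-long input reaching a fixed-size buffer. It also shows the trade-off that makes the allow-list definition per field important: a legitimate display name containing an apostrophe is wrongly rejected by the deny-list and accepted by a field-specific allow-list.

```python
import re
import urllib.parse

# Black-list (deny-list) approach: reject inputs that contain known-bad fragments.
# Constructed for this example; real deny-lists are longer and still incomplete,
# because they must anticipate every spelling and encoding of "bad".
DENY_LIST = ("<script", "'", "--", ";")

def denylist_ok(value: str) -> bool:
    """True if none of the known-bad fragments appear verbatim in the raw value."""
    return not any(bad in value for bad in DENY_LIST)

def denylist_ok_canonical(value: str) -> bool:
    """Deny-list check after one round of URL-decoding and lower-casing.
    Catches the simple variants, but a double-encoded value still decodes to
    something that is not on the list."""
    decoded = urllib.parse.unquote(value).lower()
    return denylist_ok(decoded)

# White-list (allow-list) approach: state exactly what each field may contain.
# Hypothetical field definitions for a sign-up form (constructed for this example).
# Every pattern is anchored and carries an explicit length bound.
ALLOW_LIST = {
    "username":     re.compile(r"^[A-Za-z0-9_]{3,16}$"),
    "zip_code":     re.compile(r"^[0-9]{5}$"),
    "display_name": re.compile(r"^[A-Za-z][A-Za-z' \-]{0,39}$"),
}

def allowlist_ok(field: str, value: str) -> bool:
    """True only if the value matches the field's definition exactly."""
    pattern = ALLOW_LIST.get(field)
    if pattern is None:
        return False  # unknown field: fail closed rather than pass it through
    return pattern.fullmatch(value) is not None

def check(field: str, value: str) -> tuple:
    """Run the three checks on one value: (raw deny-list, decoded deny-list, allow-list)."""
    return denylist_ok(value), denylist_ok_canonical(value), allowlist_ok(field, value)

# Constructed sample inputs, with the behaviour each one is meant to show.
SAMPLES = [
    ("username",     "alice_01",                   "well-formed value, all checks pass"),
    ("username",     "<SCRIPT>alert(1)</SCRIPT>",  "case variant passes the raw deny-list"),
    ("username",     "admin%27%20OR%201=1",        "URL-encoded quote passes the raw deny-list"),
    ("username",     "admin%2527",                 "double-encoded quote passes even the decoded deny-list"),
    ("username",     "A" * 200,                    "over-long input: deny-list has no length bound"),
    ("display_name", "O'Brien",                    "legitimate value the deny-list rejects"),
]

def denylist_misses() -> list:
    """Values that some deny-list check passes but the field's allow-list rejects."""
    return [v for f, v, _ in SAMPLES
            if (denylist_ok(v) or denylist_ok_canonical(v)) and not allowlist_ok(f, v)]

if __name__ == "__main__":
    for field, value, note in SAMPLES:
        raw, canon, allow = check(field, value)
        print(f"{field:13} {value[:28]!r:32} deny={raw!s:5} deny(decoded)={canon!s:5} allow={allow!s:5}  {note}")
```

The allow-list never needs to know what an attack looks like; it only needs to know what the field is. That is why it has to be written per field: the `username` pattern that stops the injection attempts would also stop `O'Brien`, so the `display_name` field gets its own, wider definition rather than a relaxation of the global rule.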
Based on Volume 5, 2014—Mobile Devices
Value— 1 Hour of CISA/CISM/CGEIT/CRISC Continuing Professional Education (CPE) Credit
TRUE OR FALSE
Take the quiz online: