The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program

Based on what you have read, consider the following questions and how you would reply to them:

• Does your company have an ethics program?

• Are you and your staff actively involved in the ethics program?

• Do you support the ethics program by conducting inquiries into non-compliance with the CIAPP or company ethics policies?

• Does your corporation have an ethics hotline?

• Do you discuss ethical behavior with your staff?

• If not, why not?

• If so, what do you discuss and how often?

• Do you use the corporate ethics program to support following the CIAPP?

• If so, do you try to get management to view a CIAPP noncompliance issue as also an ethics issue?