Case Exercise

Iris called the company security hotline. The hotline was an anonymous way to report any suspicious activity or abuse of company policy, although Iris chose to identify herself. The next morning, she was called to a meeting with an investigator from corporate security, which led to more meetings with others in corporate security, and then finally a meeting with the director of human resources and Gladys Williams, the CIO of SLS.

  1. Why was Iris justified in determining who the owner of the CD was?

Iris was justified in determining who the owner of the CD was because she followed the norms of ethical behavior and the protocol established by her organization.

  2. Should Iris have approached Henry directly, or was the hotline the most effective way to take action? Why do you think so?

If Iris had approached Henry, it might have become a personal matter rather than a professional one. Following the proper protocol is the best way to report in any organization.

  3. Should Iris have placed the CD back at the coffee station and forgotten the whole thing? Explain why that action would have been ethical or unethical.

In my opinion, this would not have been good professional practice. In any organization, every employee is expected to adopt ethical behavior. In the current circumstances, Iris made the correct ethical decision.




Whitman, M. and Mattord, H. (2011). Principles of Information Security, 4th Edition. Independence, KY: Cengage Learning.