Chapter 7 - Software Engineering - Social Issues - Page 369: 1

See the explanation

a. Mary Analyst should consider documenting her concerns about the flawed security design and the potential risks associated with it. She could communicate these concerns to higher management, emphasizing the importance of implementing a more secure system to protect sensitive medical records. It's crucial to express the potential consequences of inadequate security for both the organization and its patients. b. If Mary Analyst becomes aware of unauthorized personnel accessing medical records, she should immediately report the security breach to the relevant authorities within the organization. Her responsibility is to take prompt action to mitigate the breach, such as tightening security measures and notifying affected parties. Mary's liability would depend on the circumstances, but she should not be held solely responsible if her initial concerns were disregarded by higher-ups. c. Mary Analyst's decision to blow the whistle and make the flawed design public may not be the most responsible course of action. Instead, she should first explore internal channels for raising concerns, like reporting to a higher authority or engaging with the company's ethics committee. If she discovers sincere efforts within the company to address security concerns elsewhere, it changes the context. In such a case, Mary should collaborate with the internal teams working on valid security solutions rather than causing financial hardship and job loss through public disclosure.