Andy Kolden

Information Security

Chapter 4 (pages 247-248)



1)      Search the Web for security education and training programs in your area.  Keep a list and see which category has the most examples.  See if you can determine the costs associated with each example.  Which do you think would be more cost effective in terms of both time and money?

-          Security education is offered all over the area in Minnesota which all offer: computer science degrees, computer security networking, cyber defense, etc.  Most of these are expensive because they are offered at universities and require a 4 year degree. 

-          There are some other offered out there like IT certificates, minors and 2 year degrees that are usually at community colleges/tech schools which are much cheaper than going to a university.

-          I think you are getting a very good education when you go to a university but if you can get a 2 year degree, which is the most cost effective in time and money but also getting an internship where you learn much of the info on the job, is the best way to go.


2)      Search the Web for examples of issue-specific security policies.  What types of policies can you find?  Using the format provided in this chapter, draft a simple issue-specific policy that outlines fair and responsible use of computers at your college, based on the rules and regulations of your institution.  Does your school have a similar policy?  Does it contain all the elements listed in the text?

-          Some policies could include things such as internet usage, what company email can be used for, how employees can use company-issued equipment, minimum requirements for computer configuration, what people can use company WiFi for, etc.

-          A fair outline would be things like:

o   Use school email only for school-related accounts.

o   Only use internet on school computers for class related activity.

o   Only use school issued laptops for class related activity. 

o   Make sure to know restrictions before taking school-issued equipment.

o   You cannot use internet for certain websites that are blocked by the school’s IT department.

-          These are just a few examples of what a school can implement for rules and regulations to follow for people using their internet and/or equipment.  UWS has a number of the policies listed in the text but they do not have every single one.


Case Exercises

1)      What would be the first note you wrote down if you were Charlie?

-          Make sure that all of the company’s equipment is covered by insurance so that the company will not lose any money (because they would have to buy new equipment) in the case of something like this.


2)      What else should be on Charlie’s list?

-          Something that should be on his list is that the company should be sure to make sure that everyone’s data is saved on an h-drive or something like that so it can be saved places other than the computers that just got destroyed like in this case.


3)      Suppose Charlie encountered resistance to his plans to improve continuity planning.  What appeals could he use to sway opinions toward improved business continuity planning?

-          He could use things such as information/memory loss because people would be scared to lose all of the information and work that they have saved on a computer and he could convince them to save on a drive online shared file.


-          He could make sure that the company is insured in case of an emergency so that they company will not suffer too much of a monetary setback because they will have to just wait for backup equipment rather than having to wait AND buy new equipment.


Ethical Decision Making

1)      Does SLS have an ethical imperative to modify its policies to better the needs of its stakeholders in the new country?

-          Yes they do because they will work with their stakeholders to make sure that they are treated fair in the standards of the holders that are in France.


2)      Is SLS under any ethical burden to offer the same benefit to employees in its original country?

-          They should be under the burden to make sure that they cover their employees to the fullest extent and make it the same all over their company.  Insurance is expensive and they need to make sure that all of their employees have the same benefits so it is not any more beneficial to work at one branch compared to another one.  If they don’t offer the same benefits they need to make up for it in another category such as profit sharing or retirement for example.