Andy Kolden

Information Security

Chapter 5 (pages 320-322)

 

Exercises

1)      Using the data classification scheme in this chapter, identify and classify the information in your personal computer or personal digital assistant.  Based on the potential for misuse or embarrassment, what info would be confidential, sensitive but unclassified, or for public release?

-          The info that would be confidential would just be different things like my photos or messages (whether it be text or on an app).  These would be confidential for public release so this would make it very tough on anyone if they had any of their sensitive information leaked for public misuse/embarrassment.

 

2)      Suppose XYZ Software Company has a new application development project with projected revenues of $1.2 million.  Using the following table, calculate the ARO and ALE for each threat category the company faces for this project.

| Threat Category | Cost | ARO | ALE |
|---|---|---|---|
| Programmer mistakes | $5,000 | 52 | $260,000 |
| Loss of intellectual prop. | $75,000 | 1 | $75,000 |
| Software privacy | $500 | 52 | $26,000 |
| Theft of info (hack) | $500 | 4 | $2,000 |
| Theft of info (employee) | $5,000 | 2 | $10,000 |
| Web defacement | $500 | 12 | $6,000 |
| Theft of equipment | $5,000 | 1 | $5,000 |
| Viruses, worms, troj. horse | $1,500 | 52 | $78,000 |
| Denial-of-service attacks | $2,500 | 4 | $10,000 |
| Earthquakes | $250,000 | .05 | $12,500 |
| Flood | $250,000 | .1 | $25,000 |
| Fire | $500,000 | .1 | $50,000 |

 

Case Exercises

1)      Did Charlie effectively organize the work before the meeting?  Why or why not?  Make a list of important issues you think should be covered by the work plan.  For each issue, provide a short explanation. 

-          I think the meeting had a good base in the fact that he had a packet set up for everyone and that they were all assigned a certain role.  I think that he could have had more certain topics to talk about in the meeting rather than just running by the headlines of them, like cost, security, issues, etc.

o   Cost

o   Benefits

o   Security

o   Plans of attack

o   Contingency plans

 

 

2)      Will the company get useful info from the team it has assembled?  Why or why not?

-          I think they will get useful information from the team they have put together because they are going to have individual roles to find certain issues while also finding certain information that they can all meet up to combine their info and ideas to create a better way.

 

3)      Why might some attendees resist the goals of the meeting?  Does it seem that each person invited was briefed on the importance of the event and issues behind it?

-          They might because they do not want to make Charlie mad behind his back and they don’t want to do more than needs to be done.  Some people that were not invited to this meeting may not have the motivation of others so that could be a big reason for this little “task force” that has been put together and the reasoning for each person that was added to it.

 

Ethical Decision Making

1)      Is Amy’s approach to the assignment ethical?

-          It is not ethical at all because everyone else could have worked very hard on this over the weekend and with her false information she could have the ability to screw the entire project up.

 

2)      Is Amy now ethically justified in falsifying her data?  Has Charlie acted ethically by establishing an expected payback for this arrangement?

-          Yes, she has done nothing wrong in the process of this because she has done what her superior had told her to do.  Charlie has not acted ethically because he is paying her a bonus for doing nothing special at all just so that she will keep her mouth shut to get more money while everyone else involved with the project was working very hard on their own time.