Evan Jones

ITS 370



1.       Look up “the paper that started the study of computer security.” Prepare a summary of the key points. What in this paper specifically addresses security in previously unexamined areas? The paper that started the study of computer security was the RAND Report R-609-1. The key points were the types of computer systems, threats to system security, areas of protection, policy considerations and recommendations, technical recommendations and management and administrative control. The unexamined areas were resource sharing systems due to the advance of widely spread geographically systems.

2.       Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells and write a brief statement on how you would address the three components of each cell. We need to have confidentiality of each person’s class information, integrity that each person only accesses their own information, availability for each person to access their information at anytime from anywhere, storage to store such information, processing to allow each person to process the information they are receiving, and transmission for a way to transmit the information to whoever is accessing it and move it across systems.

3.       Using the Web, identify the chief information office (CIO), chief information security officer (CISO), and systems administrator for you school. Which of these people represents the data owner? Which represents the data custodian? The chief information officer is vacant, could not find information on the chief information security officer. The systems administrator is Ross Eaton. Ross Eaton would be the data custodian.

4.       Using the Web, find a large company or government agency that is familiar to you or located in your area. Try to find the name of the chief executive officer (CEO), the CIO, and the CISO. Which was easiest to find? Which was hardest? I choose Maurice’s and their CEO is George Goldfarb. CIO is David Johns. I could not find information on the CISO. The CEO was the easiest to find information about.

5.       Using the Web, find out more about Kevin Mitnick. What did he do? Who caught him? Write a short summary of his activities and explain why he is infamous. Kevin Mitnick is a computer security consultant and hacker. He was arrested on February 15, 1995 for a 2-and-a-half-year period of computer hacking. The FBI got him on federal offenses of computer and wire fraud 14 counts and found with cloned cell phones, cell phone codes, and multiple pieces of false identification 8 counts. He pleaded guilty to four counts of wire fraud, two counts of computer fraud and one count of illegally intercepting a wire communication. He served 5 years in prison and released on January 21, 2000. He now runs Mitnick Security Consulting LLC.