Exercises

1. The reports talks about intrusions, physical security, threats, policy considerations. The identification of lack of security, threats, and risks.

2. Keep access controls up to date such as passwords and multifactor authentication for login use, security groups must be made to keep us in our classification level. Have 2 safe locations of saved data in case of corruption or damage. For multifactor use have to linked to their phones as people are depend on their phones for everyday use.

3. The CIO is the data owner to the CISO, same as CISO is the data owner to the system administrators. Lastly the system admins are data custodians to the CISO, and CISO is the data custodian to CIO.

4. Doug McMillon is the CEO of Walmart Inc, the CIO is Clay Johnson, and lastly the CISO is Jerry R. Geisler III. The CEO was easiest and the CISO was harder as you might not known if he is the current.

5. He hacked into companies developing OS software and phone company. The FBI caught him. He got famous by his books, the controversial of the case, and use of social engineering.

6. They both deal with the development cycle of software.

 

Case Exercises

1. This could have been outsider attack, if Davey Martinez is a fake identity that Amy decided to trust. Even with sending those types of emails to the IT should have been reported to supervisors as thatís unnecessary communication between two departments. Davey Martinez could also be preparing to attack through the emails from before.

2. Bring awareness to all employees about phishing emails and emails that are not job related. Post posters about the awareness in every department.

3. Virus was the cause, as it required the use of the person to click on the file to start the process while a worm is independent of user help.

 

Ethical Decision Making

1. No, this would not be ethical as you are performing the act of reading up on the classification list

2. Inform your supervisor about this email, then have them inform the supervisor of the HR and supervisor of accounting about this breach of information.