ITS 360 (sec 001)
Assignment #3 (Due 2/1/15)
What Would You Do?
1) I would begin by assessing the retailer's current system's security, and develop a plan to meet their needs based on the current system. I would then proceed to check for various threats potentially already on their system, and remove those as needed. I would ensure that the system is secure, and the employees are practicing safe computer use.
2) I would immediately send an email warning all employees of a potential phishing scam using the employee directory. I would then check with the senior managers and directors to see if they had already clicked the link, and if so, help ensure their accounts are secure and work with the bank to fix any problems. I would then attempt to find who could be behind this smishing attempt.
Critical Thinking Q's
Fairplay Q1) The use of an MSSP allows a smaller retailer professional computer security for less cost than implementing their own security group inside the company. Potential drawbacks may include lack of communication and dedication by the MSSP since it is assisting other companies as well as Fairplay. There could be a danger in placing too much trust in an MSSP, because that MSSP has access to a company's entire computer infrastructure, and it would be hard to detect any intrusion by the MSSP itself.
Fairplay Q2) I would ensure all employees undergo compliance training for processing CC transactions, as well as ensure that only necessary CC data is retained, and that it is stored on secure servers that are constantly monitored for intrusion attempts.
Fairplay Q3) PCI DSS standard 3.0 mainly included clarifications and minor changes to the PCI 2.0 standard. Future versions would implement updated processes for secure financial transactions.
Sony Q1) I think that Sony should not have given in to the pressure from the terrorists. They should have released the movie on the planned date (which they ended up doing after all on Prime Video and Netflix), but they should also have released it on the planned date in theatres willing to show the movie.
Sony Q2) Sony and the US government should warn those who are behind such attacks that severe repercussions may result, and they should have pressured North Korea to make amends for the attack. I think that, especially since the NSA could trace the hack, there should have been some sort of retaliation to discourage such attacks in the future.
Sony Q3) Yes, the US government and organizations can work together to keep data encrypted and secure, but there should be regulations allowing the government access in certain cases, and the government should assist in maintaining security standards for organizations.