Josh Waring

ITS 370 Hmwk #2

Shin Ping Tucker

 

Exercises

1)      If a hacker performed these actions, they would fall into the following unique categories of threats to information security (4 in total).

a.      Breaking into a network: Espionage or Trespass (accessing website without permission)

b.      Copying files: Espionage or Trespass and copyright infringement (copying files)

c.       Defacing webpage: Sabotage/vandalism (vandalizing the website)

d.      Stealing CC info: Espionage or Trespass (unauthorized data collection of CC info)

The hacker could also use the stolen CC info to extort (blackmail) the card holders under threat of disclosing their CC information if they do not pay a specified amount.

 

2)      Mafiaboy exploited Yahoo! via a denial-of-service attack. Since Yahoo! was the biggest search engine when the attack took place in 2000, it caused significant economic damage. He also brought eBay, CNN and Amazon down through the same type of attack, and attempted to bring Dell down as well. The FBI became aware of his involvement after he mentioned something about the Dell attack on a chat site before the attack had become public knowledge.

 

 

Case Exercises-Discussion Questions

1)      Fred perceived it as a small problem that could be fixed by a simple round of training, Gladys saw it as a major enough problem to recommend Fred as the CISO, and Fred obviously saw the severity of the problem as he had worked with Gladys to formulate a plan for the company’s information security moving forward.  After the conversation, Fred definitely realized the extent of work that needed to be done to improve the company’s info-sec.

2)      Fred should measure Gladys’ performance by the support and advice she gives Charlie, as well as by the way she handles improving the company’s information security. Most of the focus would fall on Charlie, as he is the new Chief Information Security Officer, and he should be evaluated based on his ability to implement new training and information security programs, as well as his ability to develop new information security strategies and “gameplans” for the company.

3)      I think social engineering is the most important threat Charlie should focus on, as the human component is often the most vulnerable.  Proper information security training for company personnel should take place to help prevent attacks in the future.

Case Exercises-Ethical Decision Making

1)      No, Fred hiring his son-in-law would be unethical, as this would not only show nepotism, but his son-in-law has no cybersecurity experience or preparation, which would be dangerous for the entire company.

2)      I think Davey did commit an ethical violation, as his company had prohibited the use of USB drives, so if he needed data from one he should have consulted the company’s IT department on how to retrieve it safely.