Josh Waring

ITS 370 Hmwk #4

Shin Ping Tucker



2) Search the Web for security education and training programs. Determine the costs of these programs and which one you think is most cost effective.

†EC-Council provides certifications in a wide-variety of cybersecurity related fields.† The main certification they provide is ďCertified Ethical HackerĒ (CEH), and the Base Training package costs $1899.† Comptia also provides a Security+ certification, which costs $349, plus up to an additional few hundred dollars if you buy the educational bundles.† I personally think the Comptia Security+ certification is a good starting point, and from there you can pursue the CEH certification if you need it in the future.



5) Classify each of the following occurrences as an incident or disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play.

a) A hacker breaks into the company network and deletes files from a server:† Incident, damage was limited.† The IT department should document and contain the incident, and inform management of the extent of the damage.

b) A fire breaks out in the storeroom and sets off sprinklers on that floor. Some computers are damaged, but the fire is contained:† Incident, the fire was contained before it caused extensive damage.† The incident should be documented and the insurance company should be notified (as well as law enforcement so they can survey the extent of damage caused by fire).

c) A tornado hits a local power station, and the company will be without power for 3-5 days: Disaster, the impact will be at least several days.† Business continuity plans may take place, as business will need to move to a location with power to continue to operate.† The business continuity plan should be implemented.

d) Employees go on strike, and the company could be without critical workers for weeks: Disaster, lack of critical workers could cause extensive damage to company.† Business continuity plans may take place, as business may need to move to a different office/building location where there are sufficient workers available.† Management should work with the disgruntled workers to ensure they can and will return to work as soon as possible.

e) A disgruntled employee takes a critical server home, sneaking it out after hours: Incident, hopefully the server could be recovered quickly.† If not, and if the server contains confidential information, this may become a disaster.† Law enforcement should be notified, as the employee stole from the company and potentially divulged confidential data.


Case Exercises-Discussion Questions

1)     The first note I would write if I were Charlie would be to write the existing policies/plans for incidents and disasters, and then list the plans that should be in place.† From there I would develop a game plan to achieve the optimal plans that should be in place.

2)     Charlie should include different types of incidents and disasters, and different response procedures for said events.

3)     Charlie could explain to management that business continuity planning is important, as it will help the business remain active in the event of a disaster.† Even if it costs some money to implement, it stands to save the company a lot of money and stress in the future if they have a continuity plan in place.



Case Exercises-Ethical Decision Making

I believe that SLS does have an ethical imperative to ensure its policies meet the needs of its stakeholders in the new country.† SLS is expanding into said country, so as long as the policies donít violate existing ethical policies, it would be good to implement them in the new country.

While I donít think SLS needs to offer the same benefits to employees in its original country, I think it would be ethical for them to offer these benefits to all employees.† However, one has to consider if the benefits being offered in France are costing the employees in France something elseónothing is free.† If the benefits correlate with lower wages for French employees, then I think SLS is free from ethical obligations to provide said benefits to the employees located in the original country.