Kate Rohde

ITS 370

Chapter 1 Homework

 

Exercises:

 

4.     The following heads of the Cirrus aircraft company in Duluth: the CEO is Zean Nielsen, CIO is Michelle Roemer, and CISO is Jeff Christenson. As expected, the CEO was the easiest to find, then the CIO, lastly the CISO was the most difficult.

 

5.     Kevin Mitnick went to jail his first time for breaking into DEC’s computer network then coping their software. He was sentenced in prison for a year and then 3 years supervision. Violating his supervision, he committed his largest crime. He gained unauthorized access to 40 or so large corporations, and stole passwords, read private emails, copied valuable software, changed computer networks around, and when arrested for having many different and false forms of ID. After being on the FBI’s most wanted list he was eventually found and sentenced to another number of years and supervision. He is partially the most famous simply because he received a large amount of media coverage.

 

Case Exercises (pg. 45-46):

 

            Exercise Questions:

 

1.     This is most likely an outside job. Otherwise the virus would have been sent to everyone right away because they would have had access to everyone’s emails. Instead it took a while to get to everyone’s emails by bouncing from one email to the next.

 

2.     Another way to prepare would be to have the staff and personnel do some review training on security. Training regarding what Amy failed to notice when she opened her email and clicked on the link that had the virus in it. Maybe have this training every 6 to 12 months as a refresher for everyone. 

 

3.     In this case the attack was executed as a virus. Viruses often start by email attachments. When attachments are opened, they take over the program they entered into, which is why Bob’s email was not responding. From Bob’s email the virus sent itself to everyone in his contact list. Then Amy had the same problem when she opened the attachment with the virus, and it took over her computer as well.

 

Ethical Decision Making:

 

1      It would absolutely not be ethical for her to open such file A person’s salary and especially someone’s SSN are extremely confidential. She does not need this information to do her job so therefore it is considered unethical.

 

2.     Best action is to not open the email then report it immediately to the CISO or the information security department. From their they can quarantine the email, warn fellow staff of the situation, then take measures to counteract and prevent it from occurring in the future.