Kohlton White
ITS 370
Chapter 1

 

Exercises

4. Using the Web, find a large company or government agency that is familiar to you or located in your area. Try to find the name of the chief executive officer (CEO), the CIO, and the CISO. Which was easiest to find? Which was hardest?

Went with Target and found out about their CEO (Brian Cornell) with little to no effort. Same with their CIO (Michael E. McNamara). The hardest one was their CISO (Rich Agostino), but found the info in an article.

6. Using the web, explore the technique known as “iterative and incremental development.” Then, investigate “agile development.” How are they related?

Agile is both iterative and incremental because it allows developers to continuously develop and refine the software in increments. Iterative development is where developers refine pieces of the software over time, as they fix vulnerable and weak areas, until they’re satisfied. Incremental development is where the software is completed in pieces.

Case Exercises

1. Do you think this event was caused by an insider or outsider? Explain your answer.

This is from an outside source. Situations like this are common, where someone clicks on a malicious link via direct message or email, and it gains access to your contacts list and forwards the link to them.

2. Other than installing virus and worm control software, what can SLS do to prepare for the next incident? 

Even though this wasn’t the actual cause, they can set their emails to display in plain text. This way, upon opening an email, nothing else will be opened or displayed. It’ll show clickable attachments and links, but that’s all. So, any malicious code will remain contained. Also, Amy forgot her training and how to handle emails. So, it looks like the employees need to be reminded, via training.

3. Do you think this attack was the result of a virus or a worm? Explain your answer.

This would be an email worm. Both worms and viruses use exploits in security software to steal information, corrupt files, and install backdoors for remote access to the system. But the delivery method is the main giveaway. Amy clicked on the email and then everything started to act up.

Ethical Decision Making

1. Would it be ethical for Amy to open such a file?

No, it’s not ethical. Honestly, everyone knows how important their own SSN is. So, receiving an email saying, “hey, look at your boss’s SSN…” should be a red flag.

2. If such an e-mail came in, what would be the best action to take?

Flag the email and contact IT to inform them about it. Also inform the supervisor or manager who’s overseeing the staff and have them put out a memo to be cautious.