1. Look up “the paper that started the study of computer security.” Prepare a summary of the key points. What in this paper specifically addresses security in previously unexamined areas?
A paper titled the “Rand Report R 609” was sponsored by the Department of Defense and initiated the movement toward security that went beyond protecting physical locations. It attempted to define multiple controls and mechanisms necessary for the protection of a multilevel computer system; identifying the role of management and policy issues in computer security. This report/paper significantly expanded the scope of computer security to include the following securing the data, limiting random and unauthorized access to said data, and involving personnel from multiple levels of the organization in matters pertaining to information security.
2. Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells and write a brief statement on how you would address the three components of each cell.
Management of Information Security:
· Proper Staff
· Educating students on policies
· HIPPAA (CIA) laws
· Email Policies
· Ensure proper internal and external firewalls are set
· Web content blockers
· VPN Access
· Wireless Access Point
· Smart Phones
Policy- The policy can be addressed for a classroom environment by ensuring all door are locked and access to room is granted by authorized personal. The next policy is to have all computers under usage time. As well, include parental control to block sites that are not to be accessed and to avoid potential threats. It is critical to maintain proper authorization to only students, teachers, and staff of the school.
Computer and data security- All users will have to use their assigned username and password. It is important to develop an internet usage to maintain data security. That way we are also able to track who was at fault if a data breach occurs.
3. Using the Web, identify the chief information officer (CIO), chief information security officer (CISO), and systems administrator for your school. Which of these people represents the data owner? Which represents the data custodian?
Chief Information Officer: This job is vacant at UWS (they would be data owner)
Chief Information Security Officer: We do not have one at UWS (they would be data custodian)
Systems Administrator: Jay Conley (data custodian)
4. Using the Web, find a large company or government agency that is familiar to you or located in your area. Try to find the name of the chief executive officer (CEO), the CIO, and the CISO. Which was easiest to find? Which was hardest?
I went to check on the company called Renault, which is a big car company in France.
CEO: Carlos Ghosn (Since 2009)
CIO: Arnaud Deboeuf (Since 2013)
CISO: Clotilde Delbos (Since 2011)
The easiest to find was the CEO, the hardest was the CISO.
5. Using the Web, find a large company or government agency that is familiar to you or located in your area. Try to find the name of the chief executive officer (CEO), the CIO, and the CISO. Which was easiest to find? Which was hardest?
Kevin Mitnick was arrested by the FBI on Feb. 15,1995
· He was locked up and put in jail because there was a rumor that he could whistle the launch codes for nukes into a payphone
·Social engineered the punch card system for the LA busses in order to bypass the system
·Charged with wire fraud, computer fraud, illegally intercepting communications.
·Now owns a security consultant firm