Chapter 1: Introduction to Information Security

Exercises

4.) Using the Web, find a large company or government agency that is familiar to you or located in your area. Try to find the name of the chief executive officer (CEO), the CIO, and the CISO. Which was the easiest to find? Which was the hardest?

            GameStop is a large company in our area and is a major consumer electronic retailer. The CEO of GameStop is George Sherman who was recently hired in as the CEO in August of 2019. Angela Vanuk is the CIO for GameStop, and the CISO is Jim Motes. The easiest to find was George Sherman, he had his picture on google and he even had a bio on his google search. On the other hand, the CIO and CISO were not difficult to find at all but in relativity to the CEO there was significantly less information on them until you went to the company page.

5.) Using the Web, find out more about Kevin Mitnick. What did he do? Who caught him? Write a short summary of his activities and explain why he is infamous.

            Kevin Mitnick is a infamous hacker and now a book writer and company owner. Kevin Mitnick copied software from DEC, he also hacked into Pacific Bell’s voice mail computers, and he cloned cellular phones to hide his location and copied valuable proprietary software from the largest cellular telephone companies, he even stole computer passwords, altered networks, and broke into private emails. Kevin Mitnick was arrested on February 15, 1995 for hacking and wire fraud. They found him with hundreds of cloned cellular phones and false identification. He pleaded guilty to all of his crimes. He’s so infamous because of his ability to hack and for the crimes he committed and the controversy over his trials in 1995.

Case Exercises

1.)    Do you think this event was caused by and insider or outsider? Explain your answer.

I think that this could be both ways. There could have been an attack from external to plant a virus or even something wrong internally. There could have been a virus downloaded on accident or even a virus planted from an attacker.

2.)    Other than installing virus and worm control software, what can SLS do to prepare for the next incident?

SLS could maybe ban nonrelated sites on their computers so nothing can be downloaded on accident. Another thing would be to have a virus scanning software or a email scanner software to prevent any forms of attacks in the future.

3.)    Do you think this attack was the result of a virus or a worm? Explain your answer.

I think it was the result of a virus because when the emails were opened, they would replicate themselves and it spread to multiple systems. This made it so they needed to start fresh and reinstall operating systems and applications on their computers.

Ethical Decision Making

1.)    Would it be ethical for Amy to open such a file?

If a file was named “See our managers’ salaries and SSN’s”, it would be very unethical for an employee to open this email. Since it’s on an email this information could be leaked anywhere and even since she’s such a high-level employee she would know this information anyways.

2.)    If such an e-mail came in, what would be the best action to take?

The best action for Amy to take would be to bring it up with her supervisor or boss. They would have to find out about the email as fast as possible to prevent any internal damage to the company.