Chapter 2: The Need for Security

Exercises

1.)    Consider that an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker breaks into a network, copies a few files, defaces a web page, and steals credit card numbers, how many different threats categories does the attack fall into?

When a hacker can perform multiple types of threats, there are also multiple categories they can fall into. According to the book there are 12 different types of threat categories. In this example a hacker that breaks into a network, copies files, defaces a web page, and steals credit card numbers would fall into at least 9 of the categories. These categories could be the following: Compromises to intellectual property, Deviations in quality of service, Espionage or trespass, Information extortion, Sabotage or vandalism, Software attacks, Technical hardware failures or errors, Technical software failures or errors, and Theft.

2.)    Using the Web, research Mafiaboy’s exploits. When and how did he compromise sites? How was he caught?

Michael Calce went by the online username Mafiaboy. He launched a massive online attack when he was 15 and recently started working as a security consultant. When he was 9 years old he started by hacking AOL using a free trial disk. He was also able to take down many websites over the years and President Clinton put out a manhunt for him. He was caught by the FBI at his house and was charged with more than 50 crimes and sentenced eight months in a youth home. Now he is a White Hat Hacker and works for the better of cyber security.

 

Case Exercises

1.)    Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that?

Fred was not convinced by the information security effort and just wanted to allocate additional budget for the problem but it also sounded expensive. Gladys and Charlies were all for the effort and they had to convince Fred but after some more information on the topic, Fred was on board.

2.)    How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance?

Fred could measure Gladys’ and Charlie’s performance by having meeting with them and seeing if there were any viruses or worms detected. Then they could even compare last months performance to this months performance to see if there was any increase.

3.)    Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?

Early on Charlie should be worried about software attacks and espionage of some sort. Since the worms and viruses are coming from a personal flash drive there is someone either intentionally doing this or not aware, they are causing these problems.

 

Ethical Decision Making

If Fred hired his son in law who has no previous experience, there would be an unethical decision because Charlie has experience and this could also point fingers towards Fred for trying to avoid the problem.

For Davey to purposely use the USB drive with out knowing he was the one to cause the worm outbreak he would have not acted unethically. If he was doing it on purpose knowing that he would spread the worm virus he would be acting unethically.