2. The CNSS model contains confidentiality, integrity, and availability. If I were going to address the security for our class, I would propose a secure network where the only incoming traffic would be validated with a school IP address, password-protected, and limited to a specific computer bank that would have access to the network.
3. According to a search I did of the UWS site, Thomas Janicki is the CIO for the university. He is in charge of “providing highly available, high quality access to UWS’s electronic resources and the internet”. Tom would be considered the data owner. Ross Eaton is the systems administrator for UWS. He would be considered the data custodian.
1. I would say that this was an outsider. My reasoning for my thoughts is that someone from the inside would have done something for personal gain instead of just causing chaos for everyone within the company. If it were an insider, they would also have to deal with the consequences.
2. SLS could also take a look at their firewall rules and determine what allowed the breach to happen in the first place. They should certainly patch that hole and then disable further incoming traffic without some verification before it accesses the network.
3. I think this attack was the result of a worm. The reason I believe this is that it affected more than just one machine or a bank of machines. This was network-wide, which indicates that it would be a worm instead of a virus.
Ethical Decision Making:
1. No, it would not be ethical for her to open an email such as that. Instead, she should report it to HR as well as the technical support or security team, as it was a digital message. To me, that would be an obvious attempt at phishing; however, regardless of that, the information that was promised in the email isn’t her business.
2. As I said in response to question one, the best course of action would be to report it to both HR as well as the technical support or security team.