Exercises

2.) Using the classification scheme in this chapter, identify and classify the information in your personal computer or personal digital assistant. Based on the potential for misuse or embarrassment, what information would be confidential, sensitive but unclassified, or for public release?

Looking through my personal computer, I found information on it that is confidential but is viewable by the public. One example is my phone number, which is on my old Facebook account. Another piece of data that is viewable to the public is my email address, which is on different social media accounts and in public databases.

3.) Suppose XYZ Software Company has a new application development project with projected revenues of $1.2 million. Using the following table, calculate the ARO and ALE for each threat category the company faces for this project.

| Threat Category | ARO | ALE |
|---|---|---|
| Programmer mistakes | 52/1 = 52 | $5,000*52 = $260,000 |
| Loss of intellectual property | 1/1 = 1 | $75,000*1 = $75,000 |
| Software piracy | 52/1 = 52 | $500*52 = $26,000 |
| Theft of information (hacker) | 4/1 = 4 | $2,500*4 = $10,000 |
| Theft of information (employee) | 2/1 = 2 | $5,000*2 = $10,000 |
| Web defacement | 12/1 = 12 | $500*12 = $6,000 |
| Theft of equipment | 1/1 = 1 | $5,000*1 = $5,000 |
| Viruses, worms, Trojan horses | 52/1 = 52 | $1,500*52 = $78,000 |
| Denial-of-service attacks | 4/1 = 4 | $2,500*4 = $10,000 |
| Earthquake | 1/20 = .05 | $250,000*.05 = $12,500 |
| Flood | 1/10 = .1 | $250,000*.1 = $25,000 |
| Fire | 1/10 = .1 | $500,000*.1 = $50,000 |

Discussion Questions:

1.) Did Charlie effectively organize the work before the meeting? Why or why not? Make a list of important issues you think should be covered by the work plan. For each issue, provide a short explanation.

I think Charlie effectively organized the work because he laid out why it is important to protect valuable information and gave out packets a week before the meeting. Some important issues that should be on the work plan include identifying risks, because the company needs to know what kind of issues can happen in the future and then come up with strategies that will protect the company in case these occur. Another thing that should be on this plan is employee training on information security and how to prevent basic cyber-attacks.

2.) Will the company get useful information from the team it has assembled? Why or why not?

I think the company will get useful information from the team it has assembled because it seems like it's composed of important officers from different departments, and having input from many different views will make a better work plan.

3.) Why might some attendees resist the goals of the meeting? Does it seem that each person invited was briefed on the importance of the event and the issues behind it?

I think some attendees may resist this because they may think that this plan is unnecessary or that it’s a waste of time and money. I think everyone at this meeting knows the importance of this because the company is under cyberattack almost every week, and one person brought it up in the meeting.

Ethical Decision Making:

Suppose Amy Windahl left the kickoff meeting with a list of over 200 assets that needed to be evaluated. When she looked at the amount of effort needed to finish assessing the asset values and their risk evaluations, she decided to “fudge” the numbers so that she could attend the concert and then spend the weekend with her friends. In the hour just before the meeting in which the data was due, she made up some values without much consideration beyond filling in the blanks. Is Amy’s approach to her assignment ethical?

It is not ethical because she is making up numbers and figures that could affect a meeting that could affect the company’s future and could put people’s private and personal information at risk.

Is Amy now ethically justified in falsifying her data? Has Charlie acted ethically by establishing an expected payback for this arrangement?

Amy is not ethically justified in falsifying her data because she is putting everyone’s information in her department in danger, and her actions may hurt the company in the future. Charlie isn’t being ethical either because he is rewarding this unethical behavior and he should be punishing her.