Shuying Wu

ITS 360



What Would You Do?

2. It appears that someone is using your firm’s corporate directory—which includes job titles, email addresses, and phone numbers—to contact senior managers and directors via text message. The text message requests that the recipient click on a URL, which leads to a website that looks as if it were designed by your human resources organization. Once at this phony website, the employees are asked to enter their bank routing number and account number to be used for electronic deposit of their annual bonus check. You are a member of the IT security group for the firm. What can you do?

Answer: Hackers can make attempts to hack corporate directories, from which they extract important job titles and email addresses. Later these can be used to create a fake email that appears genuine, as if created by the organization as an official notice, like emails offering jobs in the company. Even if this email is then identified as a fake sent by an anonymous party, it will still cause damage to the company's reputation. Hence the company's security regarding confidential matters must be ensured by the IT department. Even a small negligence will directly affect the organization. If I am a member of IT security firm, I would report this to a higher authority first, and the rest is up to them to take the necessary steps.

5. You are one of the top students in your university’s computer science program of 100 students, and you have agreed to meet with a recruiter from the Department of Homeland Security. Over dinner, he talks to you about the increasing threat of cyberterrorist attacks launched on the United States by foreign countries and the need to counter those attacks. The agency has a strong need for people who can both develop and defend against zero day exploits that could be used to plant malware in the software used by the government and military computers. At the end of the dinner, the recruiter asks, “Would such a role be of interest to you?” How do you respond?

Answer: Yes. Definitely one would accept that job to protect our country from cyberterrorism. The safety of our motherland comes before the salary offered. Federal intelligence agencies operate on a super-secret basis that the public is unaware of. They work for the betterment of society. They have secret agents to get information about the activities going on around them. They need someone who has complete knowledge of computers and who can deal with malware in software. Agents do not have much knowledge about this. Hence they hire people for this. A topper will definitely know better than others. The obvious question that might arise is whether it is safe and legal to accept this job and work hard on it.


Critical Thinking

Case 1.

1. After using KCS's MSSP, Fairplay Finer Foods became able to implement and manage a corporate network that the grocery chain uses to run applications and communicate across all its stores. Another advantage of using KCS's MSSP is that it provides data security so that credit cards and other forms of electronic payment can easily be accepted. I think the only potential drawback of this overall process is that if we want to have cloud-based security, then we would need to upgrade the network on an ongoing basis by implementing the latest security enhancements, which might be costly for small retailers.

2. If I am one of the members of Fairplay’s management, I will make sure that all of the system defaults that were selected when the system was set up are changed, using strong passwords and encryption. In this way, the strong passwords will help to protect the data.

3. The changes made in moving from PCI 2.0 to PCI 3.0 include extending all the SSL and TLS dates to June 30, because in the year 2018 it will be reinforced. Another change is providing multi-factor authentication, which we can use to access the cardholder data environment remotely and also locally. Changes were also made for all the services and service providers, which will undergo additional scrutiny of their change management processes. We can increase the security and in the coming future we can rule around all the cards for displaying numbers which is also known as card number and we will be at the right place to modify the upcoming change to card number standards.


Case 2.

1. Sony’s response to the cyber-attack was appreciable

2. Things that can be done differently can be as follows