Shuying Wu

ITS 370

Chapter 2

Exercise

1)    Using the Web, research Mafiaboy’s exploits.  When and how did he compromise sites?  How was he caught?

Ans: Mafiaboy, was a high school student from West Island, Quebec, who launched a series of highly publicized DDoS attacks in February 2000. He also attempted to launch a series of simultaneous attacks against nine of the thirteen root name servers. targeted Yahoo! with a project he named “Rivolta” – meaning riot in Italian. This project utilized a denial of service cyber-attack in which servers become overloaded with different types of communications, to the point in which they completely shut down. He managed to shut down the multibillion-dollar company and the web’s top search engine for almost an hour. His goal was to establish dominance for himself and TNT – his cybergroup. Over the next week, he also brought down eBay, CNN, Amazon and Dell via the same DDoS attack.

2)    Consider that an individual threat agent, like a hacker, can be a factor in more than one threat category. If a hacker breaks into a network, copies a few files, defaces a Web page, and steals credit card numbers, how many different threat categories does the attack fall into? 

Ans: It seems as this hacker was deliberately causing harm (i.e. copying files, vandalizing the web page, and theft of credit card numbers); due to their method of entry – hacking into a network – it leaves me to believe there were some technical failures, such as software vulnerabilities or a trap door. However, that is just one possibility as to what could have occurred. This could have also been a managerial failure; say the unknown hacker used social engineering to obtain the information to gain access to the network – proper planning and procedure execution could have potentially thwarted this hacker’s attack.  

 

Case Exercise

1.     Before this discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort?  Did Fred’s perception change after that? 

Ans: Fred seemed to think everything was under control and thought training was all that was needed. Gladys had consulted Charlie and was ready to fight for what she needed to happen. Charlie was prepared to inform Fred of everything that need to be done. He seemed worried about the cost, but was very optimistic about the process.

2.     How should Fred measure success when he evaluates Gladys’ performance for this project?  How should he evaluate Charlie’s performance?

Ans: Gladys is appointed as CIO of the team, which is gathered to improve the security of the
company due to virus attack that caused a loss in the company; I believe Fred will measure Gladys success by her ability to lead, keep the plan on track (i.e. time management) and successfully sticking to the proposed budget. Charlie was promoted to chief information security officer, a new position that reports to the CIO; I believe Fred will measure Charlie’s success by his ability to implement the new plan, report his/their progress and the overall success of the new system.

 

3.     Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?

Ans: Portable Media Management should receive Charlie's attention early in his planning process.

 

Ethical Decision Making

1.    Assuming the person had no prior experience or preparation for a job in information security, did Fred make an ethical choice?

Ans: no. Choosing Fred as chief information security officer wouldn’t be an ethical choice. Because he has no good experience compared to Charlie.

2.      It’s obvious that Davey violated policy, but he did commit ethical violations as well?

Ans: No. Choosing Fred as chief information security officer wouldn’t be an ethical choice. Because he has no good experience.