Tanner Carlson

ITS 370

CH1

9/15/2017

2. If a security model was needed for the protection of information in our class the CNSS model would be a great place to start for the protection needed. Using confidentiality, integrity and availability, we would be able to protect the information needed for our ITS 370 class. To keep the information confidential, we would need to make sure that each user had a strong username and password, and that passwords are updated frequently. Making sure users only have access to the information they need is another good way to make sure each users information, and the systems information remains confidential. To keep the integrity of the system in tack, system updates would need to be ran frequently to ensure there isn’t malware or expired users in the system. Keeping the information available to the students would be important, so we would need to make sure that the students could log in, and access the information from home.

3. Currently, University of Wisconsin Superior does not have a chief information officer (CIO) or a chief information security officer (CISO). On the university website, the position of CIO, which is shared with the assistant vice chancellor for instructional and information technology positon, is listed as vacant. The CISO position is not listed on the web site. I would assume that due our schools funding, the CIO position would fill the CISO positon as well. If both of these positions did exist, and were not vacant, the CIO would be the data custodian, and the CISO would be the data owner.

4. Using the web, I researched some of the positions that are held at Charter Communications. The CEO is Thomas Rutledge, the CIO is Jay Carlson, and the CISO is Rod Copelan. The easiest name to find was the CEO’s. The hardest name to find was the CISO. I would assume that the CEO is more important to the vast majority of the public, his name was easier to find. Since the majority of the public tends to not care or think about information security until it becomes a problem, the CISOs name is harder to find.

5. Kevin Mitnick is best known for being a hacker. In 1979 he copied software and in 1988 he hacked into Pacific Bell voicemail computers and had access to personal information of many of Pacific Bells users. He was caught by the FBI. Mitnick is fairly infamous because he was one of the first ever hackers, and the first one to get caught while he was high profile hacking. The government sentenced him harshly to set an example for others.

6. Iterative and Incremental development is any combination of both iterative design or iterative method and incremental build model for software development. The combination is of “long standing” and has been widely suggested for large development uses. Agile software development, on the other hand, is a set of values and principles for software development under which requirements and solutions evolve through the collaborative effort of self-organizing cross-functional teams. The agile development cycle almost always includes iterative and incremental development. A successful agile cycle implements a sound iterative and incremental development cycle to help ensure results.