awawYunze Wang

ITS 370






  1. Look up “the paper that started the study of computer security.” Prepare a summary of

the key points. What in this paper specifically addresses security in previously unexamined areas?


This paper signaled a pivotal moment in computer security history. When the    scope of computer security expanded significantly from the safety of physical locations and hardware to include the following:

1.      Securing the data

2.      Limiting random and unauthorized access to the data

3.      Involving personnel from multiple levels of the organization in matters pertaining to information security.

The security of each computer’s stored information is now contingent on the level of security of every other computer to which it is connected.


  1. Using the Web, identify the chief information officer (CIO), chief information security

officer (CISO), and systems administrator for your school. Which of these people represents the data owner? Which represents the data custodian?   


The chief information officer is the board level head of information technology within an organization. The CIO typically reports to the chief financial officer and in IT- centered organizations to the chief executive officer.

The chief information security officer is that focuses on information security within an organization. The job’s responsibilities vary depending on the needs of the enterprise but often include responsibility vary depending on the needs of the enterprise.

A chief information security officer represents the data owner.

A system administrator, systems administrator, or sysadmin, is a person employed to maintain and operate a computer system and network, System administrators may be members of an information technology department.


Case Exercises:

Discussion Questions

1.      Do you think this event was caused by an insider or outsider? Explain your answer.


This event was caused by an insider or an outsider.

An insider unfortunately attaches a personal USB flash removable hard drive to the office computer.

As the mail is sent by the outsider and USB which is having virus is attached by the insider, this event is said to be caused by either by an insider or by an outsider.


2.      Other than installing virus and worm control software, what can SLS do to prepare for the next incident?


Other than installing virus and worm control software, Amy found herself learning how to install desktop computer operating systems and applications as SLS made a heretic effort to recover form the attack of the previous day and SLS found everyone in technical support busy restoring computer system to their former state.


3.      Do you think this attack was the result of a virus or a worm? Explain your answer.


This attack was the result of a worm. In SLS, the call display on her screen gave some of the facts: the user’s name, his phone number, the department in which he worked, where his office was on the company campus, and a list of all the calls he had made in the past.


Ethical Decision Making

1.      Would it be ethical for Amy to open such a file?


No. It would be unethical to open such files as it might have a virus and malware which again might attack the systems and be a huge loss to the organization.


2.      If such an e-mail came in, what would be the best action to take?


The best action is not to click the suspicious link and consult the security specialist and ask what to do with it.