Yunze Wang

ITS 370






1.        Search the Web for the Forum of Incident Response and Security Teams (FIRST). In your own words, what is the forumís mission?


FIRST is the global Forum for Incident Response and Security Teams. The organization is widely recognized as a global leader in incident response and brings together a variety of Computer Security Incident Response Teams from government, commercial, and education organizations. FIRST aims to foster cooperation and coordination in incident prevention, to stimulate rapid reaction to incidents, and to promote information-sharing among members and the community at large. FIRSTís vision is that membership should enable incident response teams to respond more effectively to security incidents by providing best practices, tools, and trusted communication with member teams. FIRSTís mission statement, which was originally adopted in 1995 and reissued in an updated version in June 2003, holds that FIRST is an international confederation of trusted CSIRTs that cooperatively handle programs to prevent computer security incidents. Moreover,

ž   FIRST members develop and share technical information, tools, methodologies, processes, and best practices.

ž   FIRST encourages and promotes the development of quality security products, policies, and services.

ž   FIRST develops and promulgates best computer and security practices

ž   FIRST promotes the creation and expansion of incident response teams and membership from organizations around the world.

ž   FIRST members use their combined knowledge, skills, and experience to promote a safer and more secure global electronic environment.


2.††† Search the Web for two or more sites that discuss the ongoing responsibilities of the security manager. What other components of security management can be adapted for use in the security management model?


Main Responsibilities of security manager:

Security manager is responsible for handling the security issues of the company like creating security protocols, procedures, and policies.

Arranging and managing the special security procedures at the time of certain events.

Handling the recruitment/interviews, training of the security employees.

Always be updated with the information on security which will lead to improvements in status.

Deciding and handling expenses and budget of the security employees.

Attending meeting with other company officials regarding security issues.

Always be co-operative with the company staff and resolve the security issues.


Case Exercises:

Discussion Questions

1.†† What area of the SP 800-100 management maintenance model addresses the actions of the content filter described here?


Management maintenance model deals with managing business operations successfully. It includes methods and clear guidelines for achieving goals of organization.

SP 800-100 maintenance model deals with thirteen information security areas such as information security governance, performance measures, security planning, risk management, incident response, configuration management, and system development life cycle and so on.

Content management of SP800-100 management maintenance model can address the actions of content filter described in given case.

Configuration management involves five steps identifying change, change, change request, implementing decision, implement approved change request and continuous monitoring.

ž   This management process begins with identifying where change is needed with the information system. In the given case, change in email setting is needed so as to block unsolicited commercial email.

ž   Evaluating effects of the change on system and identifying and testing and the change, whether the system would bring positive result. Evaluating email configuration would increase email security and block nuisance mails.

ž   Implementing the decision whether to approve the change or deny the change or postponing the change. Approving represent authorizing implementation, if information provided regarding change is not suitable to organization, and then implementation can also be denied or postponed.

ž   Once the team decides to implement the change after testing the software, it can be moved from testing environment to installation of software.

ž   Then the implemented software is to be monitored regularly for checking its operation and ensuring whether software helps to make system secure and increases performance of system.


2.     What recommendations would you give SLS for how it might select a security management maintenance model?


The recommendations for the Sequential Label and Supply Company for security management model are

1. Avira free anti-virus

2. ISO 27001

3. BSC

4. BSC and BI

5. The Apprentice


Ethical Decision Making

1.     Do you think this kind of action is unethical because Charlie knows he is leaving soon?


The kind of action taken by Charlie is completely unethical. Even though he knew that he would be living the office in two or three weeks, he tried to shove off the responsibility that was given to him by telling lies.


The most important factors when it comes to doing our job properly is to be honest and dedicated to the place we are working in here in the situation, we can see many traits of Charlie such as dishonesty, disregard and negligence to the employees of the company and to the company as a whole.

Since Charlie knows that he will be leaving the company in a while he has to inform the manager or the seniors in his company stating that he will be leaving so that it will also be helpful for the company to recruit someone in his place or make arrangements for his leaving the job. This also shows the lack of taking responsibility by Charlie because he did not want to do work for the company because he knew that he would be leaving in two or three weeks. Thinking that it would not make any impact, or it would not give him any personal benefits he did not think of conducting the meeting as early as possible.

This type of behavior should not be encouraged in the corporate world as people will start being irresponsible and we cannot hold anybody responsible if something goes wrong in the worst of the situations. To ensure that this doesn't happen among different employees of the company we should try to build comradery among each and every person working in the company and also try to have make them feel that they belong to the company and do work as if it's their own child instead of thinking it as some burden and then working just for the money.

People working in the company should be passionate towards their job.Honesty,integrity and passion towards the job and dedication are the most important traits and qualities that anybody looks in a person when he wants to hire them for the job. And Charlie was not up to the mark in all these qualities.

So in my opinion what Charlie did was wrong and he should have told the company manager that he would be leaving soon and finish of all his works that were remaining in the company and then leave gracefully instead of telling lies to his co-workers and then not doing the job that was assigned to him.