ITS 360




     2. It appears that someone is using your firms corporate directorywhich includes job titles, email addresses, and phone numbersto contact senior managers and directors via text message. The text message requests that the recipient click on a URL, which leads to a website that looks as if it were designed by your human resources organization. Once at this phony website, the employees are asked to enter their bank routing number and account number to be used for electronic deposit of their annual bonus check. You are a member of the IT security group for the firm. What can you do?

         This email if then identified as a fake mail sent by an anonymous it will anyway cause damage to companys reputation. Hence companys security regarding confidential matters must be ensured by IT department. Even a small negligence will directly effect on organization. If I am a member of IT security firm, I would report this to higher authority first and rest is up to them to take necessary steps.


     5. You are one of the top students in your universitys computer science program of 100 students, and you have agreed to meet with a recruiter from the Department of Homeland Security. Over dinner, he talks to you about the increasing threat of cyberterrorist attacks launched on the United States by foreign countries and the need to counter those attacks. The agency has a strong need for people who can both develop and defend against zero day exploits that could be used to plant malware in the software used by the government and military computers. At the end of the dinner, the recruiter asks, Would such a role be of interest to you? How do you respond?

         Yes. Agents do not have much knowledge about this. Hence they hire people for this. A topper will definitely know better than others. The obvious question that might rise it safe and legal to accept this job and work hard on it.


Critical Thinking

Case 1.

1. After the use of KCS's MSSP, Fairplay Finer Foods become enough able to implement and manage a corporate network that the grocery chain uses to run applications and communicate across all its stores. Another advantage of using KCS's MSSP is that to provide data security so that credit cards and other forms of electronic payment could easily be accepted. I think only one potential drawback of this overall process is that if we want to have cloud - based security, then we would need to upgrade the network on an ongoing basis by implementing the latest security enhancements, which might be costly for small retailers.

2. If I am one of the member of Fairplays management, I will make sure that all of the system defaults that were selected when the system was setup were changed using strong passwords and encryption. In this way, the strong passwords will help to protect the data.

3. The changes were made in moving from PCI 2.0 to PCI 3.0 are there are extending all the SSL and TLS dates to June 30, why because in the year 2018 it will be reinforced. Another change to there are providing the Multi factor authentication by using it we can access the cardholder data environment remotely and also locally. And also changes were made to all the services and service providers which will undergo additional scrutiny of their change management processes. We can increase the security and in the coming future we can rule around all the cards for displaying numbers which is also known as card number and we will be at the right place to modify the upcoming change to card number standards.


Case 2.

1. Sonys response to the cyber-attack was appreciable

Then they tried to remove all the content that has been released due to the hack from all those who have downloaded the contents

            Because first thing they did was cancelling the release of the content that has already stolen

And it is taking help of third party companies to remove all the links and contents from anywhere in the internet

They declared with the support of laws that any usage and storage of those content are illegal


2. Things that can be done differently can be as follows

The us government has declared sanction on the north Korean organizations and individuals but it would have been more effective if some international organization to investigate so the actions would have been more effective.

             It is not the first time that Sony is been hacked, so they could be have more alert to such    situations.

Sony could have been Release the stolen data before it is distributed over the third party distributers.


There are measures available that can take over the hacks but the contradiction between laws of different nations is an issue

But Together with the Sony Us government can make the measures more effective

By collaborating with us government organizations that works for piracy and cyber-attack the Sony can implement more efficient cyber security measures that work more efficiently.

A collaborative group can work dedicated to monitor the internet traffic over the country so can detect any malicious traffic can be detected mote ease and at the earliest.