Chapter 4 Exercises
1. Using a graphics program, design several security awareness posters on the following themes: updating antivirus signatures, protecting sensitive information, watching out for e-mail viruses, prohibiting the personal use of company equipment, changing and protecting passwords, avoiding social engineering, and protecting software copyrights. What other themes can you imagine?
Some themes could combine an idea of information security with a bad result that might have been caused by an information security issue, adding an image of hackers that we have in our minds. Also, in the middle of the picture, we should add more words, like: update your antivirus in time.
2. Search the Web for security education and training programs in your area. Keep a list and see which category has the most examples. See if you can determine the costs associated with each example. Which do you think would be more cost-effective in terms of both time and money?
After I searched, I found out there is one at CDSE, and it doesn't seem to need any fee for the course. But it doesn't seem to have any final exam. Also, I am not expecting any real benefit we might get from that.
3. Search the Web for examples of issue-specific security policies. What types of policies can you find? Using the format provided in this chapter, draft a simple issue-specific policy that outlines fair and responsible use of computers at your college, based on the rules and regulations of your institution. Does your school have a similar policy? Does it contain all the elements listed in the text?
EISP, SysSSP. I didn't find a simple issue-specific policy that outlines fair and responsible use of computers at UWS, and here is the policy.
Sensitive or otherwise, choose a password that is easy to remember but hard for others to figure out.
Log off all workstations or computers when you have completed your tasks.
4. Use your library or the Web to find a reported natural disaster that happened at least 6 months ago. From the news accounts, determine whether local or national officials had prepared disaster plans and if the plans were used. See if you can determine how the plans helped officials improve disaster response. How do the plans help the recovery?
China was hit by severe floods from January, killing more than 144 people. China's government and the local fire department were using a plan to save people from flooding and give them shelter, food and water to keep them alive. This plan at least saved many people from dying.
5. Classify each of the following occurrences as an incident or a disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play.
a) A hacker breaks into the company network and deletes files from a server.
This is a disaster because the hacker deleted files from a company server.
b) A fire breaks out in the storeroom and sets off sprinklers on that floor. Some computers are damaged, but the fire is contained.
This is an incident because the computers were damaged, but not on purpose, and the fire has already been contained.
c) A tornado hits a local power station, and the company will be without power for three to five days.
This would be an incident because it does not damage any files and it just stops the company from working for several days.
d) Employees go on strike, and the company could be without critical workers for weeks.
This might be a disaster because without critical workers, the company may be kicked out by other companies in the same market.
e) A disgruntled employee takes a critical server home, sneaking it out after hours.
This is a disaster; the critical server might cause a really bad information leak, and this might cause a trust issue for this company.