Review the Terry Childs Case
Terry Childs was arrested in June 2008 for tampering with San Francisco’s Fiber wide area network (WAN). Childs refused to share the network passwords and cyber-keys with city
officials which was considered a denial-of- service attack that is illegal in the state of California. Childs was also accused of ignoring phone calls and emails from Cyber Security Analyst Paul Marinaccio, who conducted vulnerability assessments. Childs emailed Paul two days prior to his arrest stating grievances he had with a manager and the lack of security the company has after being previously hacked (Wikipedia, (2023).
The actions by Childs left the city locked of its own system, the city uses the network for functions like payroll, e-mail, and documentation of law enforcement. City officials responded to the actions of Childs as criminal when he did not release the passwords. The company handled the legal procedures accordingly under the circumstances. The mayor was able to talk Childs into disclosing the passwords once he was in custody (News Report, 2021).
However, the company should have listened to the grievances stated by Childs and took his concerns serious. The lack of security awareness was a concern to Childs and city officials did
not hear his plea to mitigate the risk. The company could have implemented insider threat countermeasures such as separation and rotation of duties and not allowed Childs complete access over the entire network. This is a critical reason why duties should be separated because you can restrict the amount of power held by an individual. This countermeasure would have helped to avoid abuse or in this case the withholding of passwords from the company. Rotation of duties on a
