An organization dedicated to reducing spam tries to get Internet service providers (ISPS) in an East Asian country to stop the spammers by protecting their mail servers. When this effort is unsuccessful, the anti-spam organization puts the addresses of these ISPS on its "black list." Many ISPS in the United States consult the black list and refuse to accept email from the blacklisted ISPS. This action has two results. First, the amount of spam received by the typical email user in the United States drops by 25 percent. Second, tens of thousands of innocent computer users in the East Asian country are unable to send email to friends and business associates in the United States. Questions 1. Did the anti-spam organization do anything wrong? 2. Did the ISPS that refused to accept email from the black listed ISPS do anything wrong? 3. Who benefited from the organization's action? 4. Who was hurt by the organization's action? 5. Could the organization have achieved its goals through a better course of action? 6. What additional information, if any, would help you answer the previous questions?

An organization dedicated to reducing spam tries to get Internet service providers (ISPS) in an East Asian country to stop the spammers by protecting their mail servers. When this effort is unsuccessful, the anti-spam organization puts the addresses of these ISPS on its "black list." Many ISPS in the United States consult the black list and refuse to accept email from the blacklisted ISPS. This action has two results. First, the amount of spam received by the typical email user in the United States drops by 25 percent. Second, tens of thousands of innocent computer users in the East Asian country are unable to send email to friends and business associates in the United States. Questions 1. Did the anti-spam organization do anything wrong? 2. Did the ISPS that refused to accept email from the black listed ISPS do anything wrong? 3. Who benefited from the organization's action? 4. Who was hurt by the organization's action? 5. Could the organization have achieved its goals through a better course of action? 6. What additional information, if any, would help you answer the previous questions?

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter2: Compliance: Law And Ethics

Section: Chapter Questions

Problem 1EDM

See similar textbooks

Similar questions

Suppose you are managing your company’s network security. For each suspicious user activity, you need to decide whether or not to assign a human expert to check if it is malicious. Suppose that a human expert, once being assigned, can stop a malicious activity. The cost of assigning a human expert to check a suspicious activity is $1. The net benefit of stopping a malicious activity after factoring in the cost of assigning the human expert is $5. The cost of not stopping a malicious activity is $50. A non-malicious activity will not cause any loss to the company.a. Write down the decision weights in the following table. Specifically, please write down the value of a, b, c, d. Note that for the actual class, 1 means malicious and 0 means not malicious. (Short-answer) b. Continue from the previous question. What is the decision cut-off value you should use to decide whether to assign a human expert? Show calculation. Then write down the decision rule as well. Decision Actual…
For an international organisation that owns many branches around the world,combining the strengths of AES (symmetric) and RSA (asymmetric) encryptionis able to ensure a secret key be distributed to the intended recipients withoutrunning a huge risk of it being carelessly or deliberately compromisedsomewhere along the way. Describe how AES and RSA work together.
A virtual private network, more often known as a VPN, is the most effective method for securing a network's boundary. Is it possible for them to protect portable electronic devices as well? A Substantial Quantity of Written Material So, tell me, precisely what does an ACL stand for? What is meant by the term "firewall"? Explain the key differences between the two in at least 250 words each. What is it that binds them together into a single group?
(2). Suppose that as part of Bob’s early (unsuccessful) experiment with cloud based surveys, the authentication system allows the user to attempt 100 passwords per second, but the user must wait for a 5 second lockout period, every 10 seconds. The password Bob used is 5 digits in length, only digits 0 – 9 inclusive allowed. a) Showing all steps, Calculate and show the total amount of time required for the attacker to guarantee to guess the password, including delays and actual guessing time. b) Bob eventually adjusted his authentication system to make it more difficult using hashing and other techniques, but then he realized that Malice has been capturing the hashed passwords sent from his laptop to the cloud server for authentication, to try to replay the hashes. List the basic attack vectors Bob’s latest authentication system is vulnerable to, based on the…
Imagine a software that enables a surgeon to operate remotely on a patient who is in another country using just the internet. Why would anybody want to remain after the lights are out? How potentially damaging do they anticipate it to be? Which of your shortcomings do you believe they would highlight in an effort to cast doubt on you? Is it conceivable for harm to occur when there isn't a violent attacker there to exploit these vulnerabilities?
A hypothetical scenario where the management of login credentials is necessary could be a large corporation that has multiple departments and employees with varying levels of access to sensitive information. In order to maintain security and prevent unauthorised access, the company would need to implement a system for managing login credentials. This would involve assigning unique usernames and passwords to each employee, as well as establishing protocols for resetting passwords and revoking access when necessary. Additionally, the company may choose to implement two-factor authentication or other security measures to further protect sensitive data. Identify and analyse the different authentication techniques that are currently accessible. Is the utilisation of a password mandatory in all instances?
Consider a hypothetical scenario involving the administration of user logins. Create a comprehensive list of all conceivable authentication techniques. How do you feel about the future of passwords?
Assuming successful authentication, which of our objectives would be the most probable to be accomplished with its aid? The present article aims to conduct a comparative analysis of the advantages and disadvantages associated with diverse authentication protocols.
Suppose that Alice has a private key used for decryption. If she loses it thenshe no longer wishes to receive messages encrypted with the correspondingpublic key as she cannot decrypt them. Even worse, if her private key iscompromised, the adversary can decrypt messages sent to her. Suggest ONE(1) immediate action that must be taken to protect Alice in both cases.
First, argue for the best information security practice, whether a block cipher or stream cipher should be used to encrypt a video data file sent through the internet as part of a major, successful entertainment service. The entertainment company has a large market share, and ample resources. Secondly, argue for the most secure choice of which kind of cipher should be used for the authentication exchange between the user and the entertainment service web portal. The entertainment service is expensive to the customer, and users are wary of the misuse of their accounts. Consider the nature of the traffic and its pattern, and the nature of the keys to use.
For the Laplas Clipper malware, please write a short paragraph based on the given background and website info: - the date of the first incident’s report - How does it work, - How one should protect his/her system against this malware - If infected, how one can cope with that? Is there any solution? Laplas Clipper is a variant of information stealing malware which operates by diverting crypto-currency transactions from victims’ crypto wallets into the wallets of threat actors [1]. Laplas Clipper is a Malware-as-a-Service (MaaS) offering available for purchase and use by a variety of threat actors. It has been observed in the wild since October 2022, when 180 samples were identified and linked with another malware strain, namely SmokeLoader [2]. This loader has itself been observed since at least 2011 and acts as a delivery mechanism for popular malware strains [3]. SmokeLoader is typically distributed via malicious attachments sent in spam emails or targeted phishing campaigns but…
Which of our goals could be possible with authentication's help? The good and bad points of employing various authentication techniques will be covered here.