In this discussion post, you will analyze actions taken by Edward Snowden; namely, where he was a trusted system administrator who had privileged access to systems and protected data. Snowden is an example of “insider threat”-- he has stated he is a whistleblower and was concerned for citizen’s privacy. For information, please read the article Do you believe Snowden’s actions were justified? Why or why not?

In this discussion post, you will analyze actions taken by Edward Snowden; namely, where he was a trusted system administrator who had privileged access to systems and protected data. Snowden is an example of “insider threat”-- he has stated he is a whistleblower and was concerned for citizen’s privacy. For information, please read the article Do you believe Snowden’s actions were justified? Why or why not?

Principles of Information Security (MindTap Course List)

6th Edition

ISBN:9781337102063

Author:Michael E. Whitman, Herbert J. Mattord

Publisher:Michael E. Whitman, Herbert J. Mattord

Chapter3: Legal, Ethical, And Professional Issues In Information Security

Section: Chapter Questions

Problem 18RQ

See similar textbooks

Similar questions

In this discussion post, you will analyze actions taken by Edward Snowden; namely, where he was a trusted system administrator who had privileged access to systems and protected data. Snowden is an example of “insider threat”-- he has stated he is a whistleblower and was concerned for citizen’s privacy. For information, please read the article “Edward Snowden - Hero or Traitor?” After reading the article provided above, respond to the following prompt in your post: Do you believe Snowden’s actions were justified? Why or why not?
In this discussion post, you will analyze a real-world incident involving penetration testing and the required ethics of professionals. The GIAC Code of Ethics and Coalfire incident readings will help you prepare for the discussion board. When writing your post, answer the following: What are the legal implications of pentesting and hacking information systems? How has providing penetration testing services changed since the arrest of the two Coalfire employees on September 11, 2019? As a security professional, what concerns would you have regarding what happened? What impact did this event have on the PenTester community?
Task 1: Provide 5 reasons why general software updates and patches are important. Explain your answer Task 2: Is there a difference between a data breach and a privacy breach? Explain your answer. Task 3: your book talked about security issues with car automation. Why would that be of any concern for information security professionals? Task 4: we discussed Transitive Trust. And we covered so many different types of attacks. Do you think that there may be an attack on Trust? Explain your answer.
Where do you believe information security begins and ends in a company? The organization's control determines the earliest and latest points at which its security policies and measures become active and inactive, accordingly. Do you think any of these boundaries should be expanded or extended any more? If so, how and why did you go about doing so? If not, what's the cause behind this?
Discuss the differences between groups and roles in access control computer security?
Preserving confidentiality, integrity, and availability of data (and services) is one (defender-centric) traditional formulation of the security problem. Another is a more attacker-centric formulation where we are concerned about preventing interruption, interception, modification, and fabrication. How do the last four concepts related to the first three? That is, is any of the four equivalent to one of the three? Is one of the three encompassed by one or more of the four? Are there any concerns that are inside the scope of one formulation but ignored by the other? Which is a more useful framework and why?
In this lesson, we will go through the top ten current threats to computer systems, networks, and data security.
Discussion Questions Do you think Miller is out of options as he pursues his vendetta? If you think he could take additional actions in his effort to damage the SLS network, what are they? Suppose a system administrator at SLS read the details of this case. What steps should he or she take to improve the company's information security program? Consider Miller's hacking attempt in light of the intrusion kill chain described earlier and shown in Figure 7-1. At which phase in the kill chain has SLS countered his vendetta? Ethical Decision Making It seems obvious that Miller is breaking at least a few laws in his attempt at revenge. Suppose that when his scanning efforts had been detected, SLS not only added his IP address to the list of sites banned from connecting to the SLS network, the system also triggered a response to seek out his computer and delete key files on it to disable his operating system. Would such action by SLS be ethical? Do you think action would be legal? Suppose…
This is Information Assurance Security, may someone help me to understand this. May you give me an explanation and example for me to understand. Thank you, I would apprecite your response. - How important is it to evaluate risks? Is it even really that important? - Would you agree that threats are always there? Is it possible to completely mitigate or eradicate threats? - What is the relation of controls to vulnerabilities? - Is it safe for companies to fully invest in just physical controls to avoid threats? -What do you think should be done to lessen the chances of facing threats? -If your online personal information found in your social media accounts is at stake, what do you think are the risks and vulnerabilities of it? What controls will you employ to avoid those threats?
To learn more about your institution's security rules, look them up on the intranet or website. Is there a corporate security policy somewhere? Where have you come across security rules that are tailored to address a particular problem? What agency or department is in charge of issuing or coordinating all of these policies, or are they dispersed across the organization? Use the framework provided in this chapter to determine whether or not the policies you found in the preceding exercise are complete. What are the omissions in these areas?
Some professionals in the area of information technology security believe that companies might benefit from hiring reformed hackers to serve as consultants. Can you say for sure? Are we talking about a good reason or a negative one?