Principles of Information Security
5th Edition
ISBN: 9781285448367
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Course Technology
Question
Chapter 2, Problem 1EDM
Program Plan Intro
Information security is the process of protecting confidential data in a system or an organization from unauthorized users such as hackers or attackers.
Students have asked these similar questions
Ethical Decision Making
Instead of Charlie being named CISO, suppose instead that Fred hired his son-in-law, an unemployed accountant, to fill the role. Assuming the person had no prior experience or preparation for a job in information security, did Fred make an ethical choice? Explain your answer.
Suppose that SLS has implemented the policy prohibiting use of personal USB drives at work. Also, suppose that Davey Martinez brought in the USB drive he had used to store last month’s accounting worksheet. When he plugged in the drive, the worm outbreak started again and infected two servers. It’s obvious that Davey violated policy, but did he commit ethical violations as well?
Where in a business do you think the responsibility for information security starts and ends? The organization's control decides when security policies and measures go into effect and when they go out of effect, respectively. Do you believe any of these limits should be further widened or widened? If that's the case, how did you go about it? If that's not the case, what's going on?
In your opinion, where does an organization's information security begin and end? In other words, when does a company's security policy and measure take effect, and when does it stop taking effect? Do you believe that any of these limits might be extended in the future? If this is the case, explain how and why. If not, what would be the reason?
Similar questions
- Tell us about the preventative measures you would take to protect the network of your firm from the dangers posed by cyberattacks in the following sentence:
- (Taken from Ethics for the Information Age book)
  - Think about the last piece of consumer electronics you purchased. How did you first learn about it? What factors (features, price, ease of use, etc.) did you weigh before you purchased it? Which of these factors were most influential in your purchase decision? Are you still happy with your purchase?
  - Consider a small business that is the victim of a cryptographic ransomware attack. The business does not have adequate backup files, and the cost of paying the ransom is much lower than the expected cost of continuing operations without the encrypted files and recreating the necessary records. Discuss the morality of the owner choosing to pay the ransom in order to recover the business’s files.
  - Are there any technologies that you wish had never been adopted? If so, which ones? Why?
- Answer the given question with a proper explanation and step-by-step solution. In this week's lecture, we are looking at the SANS CISO Mind Map and how we focused on Security Operations. Pick one of the items (for example, Data Loss Prevention (DLP), VPN, Security Gateway, etc.) and research the topic and provide a two-paragraph minimum with references on the topic. Pick something you are interested in or do not know but would like to learn more about the topic. Sell me, make me excited.
- Analyze the following scenario: An employee using company resources sends email that is later retrieved when the employee sues the company. Is there a reasonable expectation of privacy? Is it different if the computer used was purchased by the employee but the email was sent during work hours? What additional facts or changes in your assumptions would alter your analysis? Ethically, what are the arguments, pro and con, for an employer monitoring electronic communication?
- For the scenario below, determine how each of the CIA principles that were violated or not. Also, specify how three access controls that you believe are pertinent to this case might have reduced risk. The CEO of a healthcare service company brought her work computer in a restaurant to eat with her friends and in meantime catch up with some work. She sat down at the back and started working in the computer. When her friends came, they did not see her. She noticed them so, she decided to go to them since she saw that the restaurant was not busy. When she came back to her table with her friends, she noticed that her work computer was missing. In panic, she looked everywhere, talked to the staff but still couldn’t find it. Her computer was password protected but the hard drive was not encrypted. Also, she has access to the company's database of 20,000 medical records containing patient data.
- Some professionals in the area of information technology security believe that companies might benefit from hiring reformed hackers to serve as consultants. Can you say for sure? Are we talking about a good reason or a negative one?
- Suppose you are the victim of an identity thief who continues to use your identity and to ruin your credit rating after you have discovered the problem. What problems do you have in clearing your name? How could the laws be changed to help you in this process?
- Fred Chin, CEO of Sequential Label and Supply, leaned back in his leather chair and propped his feet up on the long mahogany table in the conference room where the SLS Board of Directors had just adjourned their quarterly meeting. “What do you think about our computer security problem?” he asked Gladys Williams, the company’s chief information officer, or CIO. He was referring to last month’s outbreak of a malicious worm on the company’s computer network. Gladys replied, “I think we have a real problem, and we need to put together a real solution, not just a quick patch like the last time.” Eighteen months ago, the network had been infected by an employee’s personal USB drive. To prevent this from happening again, all users in the company were banned from using USB drives. Fred wasn’t convinced. “Can’t we just add another thousand dollars to the next training budget?” Gladys shook her head. “You’ve known for some time now that this business runs on technology. That’s why you hired me as…
- As a worst-case scenario, the whole institute might be destroyed if a war takes place. What would you suggest to ensure that the data is not lost in such an incident? If you consider a backup solution, discuss what you would do to ensure the confidentiality of the files.
- Discussion Questions: Do you think Miller is out of options as he pursues his vendetta? If you think he could take additional actions in his effort to damage the SLS network, what are they? Suppose a system administrator at SLS read the details of this case. What steps should he or she take to improve the company's information security program? Consider Miller's hacking attempt in light of the intrusion kill chain described earlier and shown in Figure 7-1. At which phase in the kill chain has SLS countered his vendetta? Ethical Decision Making: It seems obvious that Miller is breaking at least a few laws in his attempt at revenge. Suppose that when his scanning efforts had been detected, SLS not only added his IP address to the list of sites banned from connecting to the SLS network, the system also triggered a response to seek out his computer and delete key files on it to disable his operating system. Would such action by SLS be ethical? Do you think action would be legal? Suppose…
- What is the purpose of surveillance? What types and levels of surveillance are there? As it relates to widespread use of CCTV surveillance in Europe, do you believe the US is embracing that practice? Whether your answer is yes or no, provide a legal rationale for whether you believe it is allowable, or not, under our laws.
- Where does an organization's information security begin and finish, in your opinion? To put it another way, when does a company's security policy and measures go into action, and when do they stop? Do you think any of these restrictions will be lifted in the future? Explain how and why if this is the case. What would be the cause if not?
Recommended textbooks for you
Management Of Information Security
Computer Science
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning