Q1. The next day at SLS found everyone in technical support busy restoring computer systems to their former state and installing new virus and worm control software. Amy found herself learning how to install desktop computer operating systems and applications as SLS made a heroic effort to recover from the attack of the previous day.
Questions:
1. Do you think this event was caused by an insider or outsider? Why do you think this?
2. Other than installing virus and worm control software, what can SLS do to prepare for the next incident?
3. Do you think this attack was the result of a virus or a worm? Why do you think this?
Q2. Soon after the board of directors meeting, Charlie was promoted to Chief Information Security Officer, a new position that reports to the CIO, Gladys Williams, and that was created to provide leadership for SLS's efforts to improve its security profile.
Questions:
1. How do Fred, Gladys, and Charlie perceive the scope and scale of the new information security effort?
2. How will Fred measure success when he evaluates Gladys' performance for this project? How will he evaluate Charlie's performance?
3. Which of the threats discussed in this chapter should receive Charlie's attention early in his planning process?
Ch3. Q3. Iris called the company security hotline. The hotline was an anonymous way to report any suspicious activity or abuse of company policy, although Iris chose to identify herself. The
next morning, she was called to a meeting with an investigator from corporate security,
which led to more meetings with others in corporate security, and then finally a meeting with
the director of human resources and Gladys Williams, the CIO of SLS.
Questions:
1. Why was Iris justified in determining who the owner of the CD was?
2. Should Iris have approached Henry directly, or was the hotline the most effective way
to take action? Why do you think so?
3. Should Iris have placed the CD back at the coffee station and forgotten the whole
thing? Explain why that action would have been ethical or unethical.
Ch4. Q4. As Charlie wrapped up the meeting, he ticked off a few key reminders for everyone involved in the asset identification project.
"Okay, everyone, before we finish, please remember that you should try to make your asset lists
complete, but be sure to focus your attention on the more valuable assets first. Also, remember
that we evaluate our assets based on business impact to profitability first, and then economic
cost of replacement. Make sure you check with me about any questions that come up. We will
schedule our next meeting in two weeks, so please have your draft inventories ready."
Questions:
1. Did Charlie effectively organize the work before the meeting? Why or why not? Make
a list of the important issues you think should be covered by the work plan. For each
issue, provide a short explanation.
2. Will the company get useful information from the team it has assembled? Why or why
not?
3. Why might some attendees resist the goals of the meeting? Does it seem that each person
invited was briefed on the importance of the event and the issues behind it?