Baker College ITS 3210 Chapter 3 - What Would You Do.

Document Content and Description Below

Chapter 3 – What Would You Do Farah Zoma 1. You and your team have been hired to assess the computer security of a small retailer. Where would you begin your assessment? What would you look for? ... a. I would begin by examining the permissions and security surrounding the database servers, firewalls, and web application server in use by the company. I would also look for any open ports, unneeded access, and public facing interfaces. 2. It appears that someone is using your firm’s corporate directory—which includes job titles, email addresses, and phone numbers—to contact senior managers and directors via text message. The text message requests that the recipient click on a URL, which leads to a website that looks as if it were designed by your human resources organization. Once at this phony website, the employees are asked to enter their bank routing number and account number to be used for electronic deposit of their annual bonus check. You are a member of the IT security group for the firm. What can you do? a. I would put out a memo letting the team know that a phishing attempts going around, and to not click on any suspicious links and to report these suspicious links to IT. I would then remove the upper management cellular numbers from the directory, and attempt to look through the logs for any suspicious access attempts to the directory itself. 3. You are the manager of the IT organization of a small business. The owner calls you late one night and tells you that she just received an anonymous call demanding payment of $10,000 or the company’s customer database will be encrypted and made inaccessible by a logic bomb that has already been planted in the firm’s billing system. What do you say? What can you do? a. I would tell her not to pay it. Immediately pull any back up servers offline to save the information just in case they really do go through with the logic bomb. I would then pull the system off the network for the period that they say they will enact it. 4. Your classmate tells you that he has been working all semester to create a blended threat and that he plans to test it against the university’s computer systems this weekend. What do you say? a. Tell him that I don’t want to know what he plans on doing, and that he should not go through with it. If he does go through with it and the system is compromised and they start to investigate I would tell the truth and admit who initiated the attack. 5. You are one of the top students in your university’s computer science program of 100 students, and you have agreed to meet with a recruiter from the Department of Homeland Security. Over dinner, he talks to you about the increasing threat of cyberterrorist attacks launched on the United States by foreign countries and the need to counter those attacks. The agency has a strong need for people who can both develop and defend against zero day exploits that could be used to plant malware in the software used by the government and military computers. At the end of the dinner, the recruiter asks, “Would such a role be of interest to you?” How do you respond? a. That I would be very interested in such an opportunity and to be able to increase my knowledge regarding something that is not readily available to the public. Plus it would look amazing on my resume. 6. You are a computer security trainer for your firm’s 200 employees and contract workers. What are the key topics you would cover in your initial half-hour basic training program on security for [Show More]

Last updated: 3 years ago

Preview 1 out of 11 pages