1. Recently, Internet activists mounted retaliatory attacks on web sites of multinational companies and other organizations they deemed hostile to WikiLeaks. For example, immediately after a British judge's decision to deny bail to the creator of WikiLeaks, Julian Assange, attacks on the web sites of WikiLeaks's "enemies" caused corporate web sites to become inaccessible or slow down significantly.
a. Describe the nature of these Internet activists and compare and contrast them against "traditional" hackers.
b. Discuss current monitoring technologies used to detect intrusions that would be applicable for a company that might be a target.
c. Describe other security countermeasures that are needed to address the given circumstances.
d. Discuss post-incident procedures that are appropriate after an attack occurred at a corporate web site.
2. A major public consulting firm has been tasked with implementing an online patient care system that will enable a military medical facility to electronically provide military patients access to their medical records. The patients include both active and retired military personnel located throughout the world. Included in the system is a social network so patients could share information with each other and provide feedback to the medical facility.
a. Discuss and explain the potential security threats.
b. Identify the potential vulnerabilities of such a system and provide your rationale.
c. Describe relevant security approaches necessary to protect both the patients and the military organization responsible for maintaining the new system.
d. Explain the security issues related to outsourcing this work to a consulting firm over having it done in house within a military environment. How would one overcome these issues?
3. Your company will be implementing a hybrid cloud solution for the processing and storage of personnel records.
a. Discuss the challenges this proposed solution will have on system security and reliability.
b. Identify who will be accountable and who will be responsible for the protection of the company's sensitive data.
c. What questions would you want to ask the prospective cloud providers who will be implementing this solution?
d. Specify the security provisions needed for the cloud architecture to ensure secure computing.
4. The head of your organization wants to implement a mobile application that will work on current smart phones. This application would provide users with instant product quotes for different IT products and help locate your organization's retail locations using the smartphone's GPS system.
a. Discuss the unique cybersecurity concerns associated with mobile devices as compared with conventional computing devices such as desktop and laptop computers.
b. Identify ways security can be "baked" into the software development process for these mobile applications.
c. Review the cybersecurity countermeasures that the organization needs to take for the given scenario.
d. From the perspective of the smart phone user, summarize the key practices for ensuring mobile device security.