Part 1: Application: Security and Privacy: Ethical and Legal Considerations
Companies often collect personal information of their consumers for various businessrelated reasons. In doing so, they automatically assume the ethical and legal responsibilities of protecting such information from any unauthorized entity. Therefore, such companies dealing with confidential consumer information should clearly know about the ethical and legal issues associated with handling the same.
Consider the following scenario: You are the security manager of a big credit reporting agency. The agency has access to financial information about consumers that may include amounts borrowed, accounts opened or closed, defaults, bankruptcies, and other sensitive personal data.
Based on your reading and upon conducting additional research, write a 3 to 5page paper about the ethical and legal considerations you need to address in handling confidential consumer information. Address the following points:
What are the ethical and legal responsibilities of your company in designing its interface and implementing security protocols to its systems?
What ethical and legal issues should you consider in order to determine your response when confidentiality of the consumer information has been compromised?
Many jurisdictions have breach laws that mandate disclosure of any loss of consumer information.
What positive and negative effects have these laws had?
Cite appropriate sources to justify your answers. Use APA style.
Part 2: Security Attacks and Attackers
You cannot tell an attacker's motivation from the kind of attack. Attackers with different motivations may all perpetrate the same type of attack. On the other hand, an attacker with a single motivation may execute several different forms of attacks. Understanding the motives of the attackers can help you recognize what resources are most likely to be threatened and can thus facilitate developing successful security countermeasures. For this Discussion, you analyze the motivations of attackers of information systems in organizations, differentiate between security attacks and legitimate traffic, and suggest countermeasures against attackers. In addition to utilizing the assigned resources for the Discussion, use your knowledge from the interactive exercise media "Introduction to Security Models and Standards" to interpret the attacks and develop countermeasures.
Identify a scenario where two instances of suspicious intrusive activities were detected in a computer information system. The two activities might or might not be of the same type (i.e., spam, phishing, DOS, etc.).
Briefly describe the scenario. For each activity, how would you determine if it was legitimate network traffic or an attack?
Next, suppose you have discovered that one of the two instances of activities in the above scenario was an attack.
Explain if it's an attack against confidentiality, integrity, or availability and explain the level of impact of the attack.
How would you determine the motivation of the attacker, and what other types of attacks might you need to anticipate based on that motivation?
What countermeasures would you develop to defend against the anticipated attacks based on that motivation?