CIS 318: Ethics for the IT Professional Week 3
-
Upload
elijah-guerra -
Category
Documents
-
view
26 -
download
0
description
Transcript of CIS 318: Ethics for the IT Professional Week 3
![Page 1: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/1.jpg)
scis.regis.edu ● [email protected]
CIS 318: Ethics for the IT Professional
Week 3
Dr. Jesús BorregoRegis University
1
![Page 2: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/2.jpg)
Agenda
•Homework #2•Questions regarding material covered•Chapter 3: Crime with computers and
Internet•Activities•Homework 3•Questions?
2
![Page 3: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/3.jpg)
Homework #2• View Loyola University’s Fr. Makr Bandsuch’s video on ethics
(http://www.youtube.com/watch?v=xGeYQPBVZBk).• Prepare a one to two page summary of the major issues
discussed in the video.• Answer the following questions:
▫ What are three issues mentioned that are purely business ethical issues?
▫ What are three issues mentioned that are purely technology ethical issues?
▫ What are three issues mentioned that are both business and ethical issues?
▫ Prepare a Venn diagram with business, technology, and both issues.
• The document must be formatted in APA , with a title page, citations and references.
• Submit before week 3 in WorldClass.
3
![Page 4: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/4.jpg)
Chapter Topics
•Computer Crime▫Types of crime▫Types of criminals
•Crime on the internet•Information Security
▫Risk▫Security Policies▫Prevention▫Detection▫Response
4
![Page 5: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/5.jpg)
Objectives
• Identity theft, hacking, computer viruses, theft of computer equipment, and the like are all examples of the formidable array of computer- and Internet-related crimes that businesses and individuals face
• The ease of access to software and hardware by perpetrators serves to make crimes against businesses and individuals more prevalent
• Safeguarding private and business information is essential; however, ethical issues concerning security must be taken into consideration.
5
![Page 6: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/6.jpg)
Objectives - II▫Privacy is another concern, compounded by
rapidly advancing electronic technology▫A business must clearly define and provide
unambiguous expectations regarding personal and private information
▫A business needs to have strict guidelines on who has access to the private information
▫Further, businesses must take steps to protect private information from intruders
6
![Page 7: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/7.jpg)
IT Security Incidents – Major Concern•Security of information technology is of
utmost importance▫Safeguard:
Confidential business data Private customer and employee data
▫Protect against malicious acts of theft or disruption
▫Balance against other business needs and issues
•Number of IT-related security incidents is increasing around the world
7
![Page 8: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/8.jpg)
Why Computer Incidents Are So Prevalent?• Increasing complexity increases vulnerability
▫Computing environment is enormously complex Continues to increase in complexity Number of entry points expands continuously Cloud computing and virtualization software
•Higher computer user expectations▫Computer help desks under intense pressure
Forget to verify users’ IDs or check authorizations•Computer users share login IDs and passwords
8
![Page 9: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/9.jpg)
Why Computer Incidents Are So Prevalent (cont’d.)•Expanding/changing systems equal new risks
▫Network era Personal computers connect to networks with
millions of other computers All capable of sharing information
▫Information technology Ubiquitous Necessary tool for organizations to achieve goals Increasingly difficult to match pace of
technological change
9
![Page 10: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/10.jpg)
Why Computer Incidents Are So Prevalent (cont’d.)• Increased reliance on commercial software
with known vulnerabilities▫Exploit
Attack on information system Takes advantage of system vulnerability Due to poor system design or implementation
▫Patch “Fix” to eliminate the problem Users are responsible for obtaining and
installing Delays expose users to security breaches
10
![Page 11: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/11.jpg)
Why Computer Incidents Are So Prevalent (cont’d.)•Zero-day attack
▫Before a vulnerability is discovered or fixed•U.S. companies rely on commercial
software with known vulnerabilities
11
![Page 12: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/12.jpg)
Types of Exploits
•Computers as well as smartphones can be target
•Types of attacks▫Virus▫Worm▫Trojan horse▫Distributed denial of service▫Rootkit▫Spam▫Phishing (spear-phishing, smishing, and
vishing)
12
![Page 13: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/13.jpg)
Viruses
•Pieces of programming code•Usually disguised as something else•Cause unexpected and undesirable behavior•Often attached to files•Deliver a “payload”•Spread by actions of the “infected”
computer user Infected e-mail document attachments Downloads of infected programs Visits to infected Web sites
13
![Page 14: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/14.jpg)
Worms
•Harmful programs ▫Reside in active memory of a computer ▫Duplicate themselves
•Can propagate without human intervention
•Negative impact of worm attack▫Lost data and programs▫Lost productivity▫Additional effort for IT workers
14
![Page 15: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/15.jpg)
Trojan Horses
•Malicious code hidden inside seemingly harmless programs
•Users are tricked into installing them•Delivered via email attachment,
downloaded from a Web site, or contracted via a removable media device
•Logic bomb▫Executes when triggered by certain event
15
![Page 16: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/16.jpg)
Distributed Denial-of-Service (DDoS) Attacks•Malicious hacker takes over computers on the
Internet and causes them to flood a target site with demands for data and other small tasks▫The computers that are taken over are called
zombies▫Botnet is a very large group of such computers
•Does not involve a break-in at the target computer▫Target machine is busy responding to a stream
of automated requests▫Legitimate users cannot access target machine
16
![Page 17: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/17.jpg)
Rootkits
•Set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge
•Attacker can gain full control of the system and even obscure the presence of the rootkit
•Fundamental problem in detecting a rootkit is that the operating system currently running cannot be trusted to provide valid test results
17
![Page 18: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/18.jpg)
Spam
•Abuse of email systems to send unsolicited email to large numbers of people▫Low-cost commercial advertising for
questionable products▫Method of marketing also used by many
legitimate organizations•Controlling the Assault of Non-Solicited
Pornography and Marketing (CAN-SPAM) Act▫Legal to spam if basic requirements are met
18
![Page 19: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/19.jpg)
Spam (cont’d.)
•Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)▫Software generates tests that humans can
pass but computer programs cannot
19
![Page 20: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/20.jpg)
Phishing
•Act of using email fraudulently to try to get the recipient to reveal personal data
•Legitimate-looking emails lead users to counterfeit Web sites
•Spear-phishing▫Fraudulent emails to an organization’s
employees•Smishing
▫Phishing via text messages•Vishing
▫Phishing via voice mail messages20
![Page 21: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/21.jpg)
21
![Page 22: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/22.jpg)
Types of Perpetrators
•Perpetrators include:▫Thrill seekers wanting a challenge▫Common criminals looking for financial
gain▫Industrial spies trying to gain an advantage▫Terrorists seeking to cause destruction
•Different objectives and access to varying resources
•Willing to take different levels of risk to accomplish an objective
22
![Page 23: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/23.jpg)
Types of Perpetrators (cont’d.)
23
![Page 24: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/24.jpg)
Hackers and Crackers
•Hackers▫Test limitations of systems out of
intellectual curiosity Some smart and talented Others inept; termed “lamers” or “script
kiddies”•Crackers
▫Cracking is a form of hacking ▫Clearly criminal activity
24
![Page 25: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/25.jpg)
Malicious Insiders•Major security concern for companies•Fraud within an organization is usually due to
weaknesses in internal control procedures•Collusion
▫Cooperation between an employee and an outsider
•Insiders are not necessarily employees▫Can also be consultants and contractors
•Extremely difficult to detect or stop ▫Authorized to access the very systems they abuse
•Negligent insiders have potential to cause damage
25
![Page 26: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/26.jpg)
Industrial Spies•Use illegal means to obtain trade secrets
from competitors•Trade secrets are protected by the
Economic Espionage Act of 1996•Competitive intelligence
▫Uses legal techniques ▫Gathers information available to the public
•Industrial espionage▫Uses illegal means ▫Obtains information not available to the
public26
![Page 27: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/27.jpg)
Cybercriminals•Hack into corporate computers to steal•Engage in all forms of computer fraud•Chargebacks are disputed transactions•Loss of customer trust has more impact than
fraud•To reduce potential for online credit card
fraud: ▫Use encryption technology▫Verify the address submitted online against the
issuing bank▫Request a card verification value (CVV)▫Use transaction-risk scoring software
27
![Page 28: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/28.jpg)
Cybercriminals (cont’d.)
•Smart cards▫Contain a memory chip ▫Updated with encrypted data each time
card is used▫Used widely in Europe▫Not widely used in the U.S.
28
![Page 29: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/29.jpg)
Hacktivists and Cyberterrorists
•Hacktivism ▫Hacking to achieve a political or social goal
•Cyberterrorist▫Attacks computers or networks in an attempt
to intimidate or coerce a government in order to advance certain political or social objectives
▫Seeks to cause harm rather than gather information
▫Uses techniques that destroy or disrupt services
29
![Page 30: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/30.jpg)
Federal Laws for Prosecuting Computer Attacks
30
![Page 31: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/31.jpg)
Activity ITake notes from the following videos: •TJ Maxx theft believed largest hack ever (00:53) http://www.nbcnews.com/id/17871485/ns/technology_and_science-security/t/tj-maxx-theft-believed-largest-hack-ever/•10 Notorious Cyber Crimes (2:55) http://www.youtube.com/watch?v=m0iaRn2WwPw•Cybercrime and what you can do about it (17:26) https://www.ted.com/talks/james_lyne_everyday_cybercrime_and_what_you_can_do_about_it#t-392377•How safe is your money? (3:17) http://money.cnn.com/video/pf/2014/02/12/pf-money-safe-cyber-crime.cnnmoney/
31
![Page 32: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/32.jpg)
Implementing Trustworthy Computing
•Trustworthy computing▫Delivers secure, private, and reliable
computing ▫Based on sound business practices
32
![Page 33: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/33.jpg)
Implementing Trustworthy Computing (cont’d.)•Security of any system or network
▫Combination of technology, policy, and people▫Requires a wide range of activities to be
effective•Systems must be monitored to detect
possible intrusion•Clear reaction plan addresses:
▫Notification, evidence protection, activity log maintenance, containment, eradication, and recovery
33
![Page 34: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/34.jpg)
Risk Assessment
•Process of assessing security-related risks:▫To an organization’s computers and
networks ▫From both internal and external threats
•Identifies investments that best protect from most likely and serious threats
•Focuses security efforts on areas of highest payoff
34
![Page 35: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/35.jpg)
Risk Assessment (cont’d.)
•Eight-step risk assessment process ▫#1 Identify assets of most concern▫#2 Identify loss events that could occur▫#3 Assess likelihood of each potential threat▫#4 Determine the impact of each threat▫#5 Determine how each threat could be mitigated▫#6 Assess feasibility of mitigation options▫#7 Perform cost-benefit analysis▫#8 Decide which countermeasures to implement
35
![Page 36: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/36.jpg)
Risk Assessment (cont’d.)
36
![Page 37: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/37.jpg)
Risk Assessment (cont’d.)
37
![Page 38: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/38.jpg)
Establishing a Security Policy
•A security policy defines: ▫Organization’s security requirements ▫Controls and sanctions needed to meet the
requirements•Delineates responsibilities and expected
behavior•Outlines what needs to be done
▫Not how to do it•Automated system policies should mirror
written policies38
![Page 39: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/39.jpg)
Establishing a Security Policy (cont’d.)•Trade-off between:
▫Ease of use▫Increased security
•Areas of concern▫Email attachments▫Wireless devices
•VPN uses the Internet to relay communications but maintains privacy through security features
•Additional security includes encrypting originating and receiving network addresses
39
![Page 40: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/40.jpg)
Educating Employees, Contractors, and Part-Time Workers•Educate and motivate users to understand
and follow policy•Discuss recent security incidents •Help protect information systems by:
▫Guarding passwords▫Not allowing sharing of passwords▫Applying strict access controls to protect data▫Reporting all unusual activity▫Protecting portable computing and data
storage devices
40
![Page 41: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/41.jpg)
Prevention• Implement a layered security solution
▫Make computer break-ins harder• Installing a corporate firewall
▫Limits network access• Intrusion prevention systems
▫Block viruses, malformed packets, and other threats
• Installing antivirus software▫Scans for sequence of bytes or virus signature▫United States Computer Emergency Readiness
Team (US-CERT) serves as clearinghouse
41
![Page 42: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/42.jpg)
Prevention (cont’d.)
42
![Page 43: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/43.jpg)
Prevention (cont’d.)
43
![Page 44: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/44.jpg)
Prevention (cont’d.)
•Safeguards against attacks by malicious insiders
•Departing employees and contractors▫Promptly delete computer accounts, login
IDs, and passwords•Carefully define employee roles and
separate key responsibilities•Create roles and user accounts to limit
authority
44
![Page 45: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/45.jpg)
Prevention (cont’d.)
•Defending against cyberterrorism▫Department of Homeland Security and its
National Cyber Security Division (NCSD) is a resource Builds and maintains a national security
cyberspace response system Implements a cyber-risk management
program for protection of critical infrastructure, including banking and finance, water, government operations, and emergency services
45
![Page 46: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/46.jpg)
Prevention (cont’d.)
•Conduct periodic IT security audits▫Evaluate policies and whether they are
followed▫Review access and levels of authority▫Test system safeguards▫Information Protection Assessment kit is
available from the Computer Security Institute
46
![Page 47: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/47.jpg)
Activity - IIGroup Questions:1.What are the main internet crimes?2.Why is it difficult to fight internet crime?3.What can police do to fight these crimes?4.What can a family to do to help fight these crimes?5.What can IT to do to help fight these crimes?
47
![Page 48: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/48.jpg)
Detection
•Detection systems ▫Catch intruders in the act
• Intrusion detection system ▫Monitors system/network resources and
activities▫Notifies the proper authority when it identifies:
Possible intrusions from outside the organization Misuse from within the organization
▫Knowledge-based approach▫Behavior-based approach
48
![Page 49: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/49.jpg)
Response
•Response plan ▫Develop well in advance of any incident ▫Approved by:
Legal department Senior management
•Primary goals ▫Regain control and limit damage▫Not to monitor or catch an intruder
•Only 56% have response plan
49
![Page 50: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/50.jpg)
Response (cont’d.)
•Incident notification defines:▫Who to notify ▫Who not to notify
•Security experts recommend against releasing specific information about a security compromise in public forums
•Document all details of a security incident▫All system events▫Specific actions taken▫All external conversations
50
![Page 51: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/51.jpg)
Response (cont’d.)
•Act quickly to contain an attack•Eradication effort
▫Collect and log all possible criminal evidence
▫Verify necessary backups are current and complete
▫Create new backups•Follow-up
▫Determine how security was compromised Prevent it from happening again
51
![Page 52: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/52.jpg)
Response (cont’d.)
•Review▫Determine exactly what happened▫Evaluate how the organization responded
•Weigh carefully the amount of effort required to capture the perpetrator
•Consider the potential for negative publicity
•Legal precedent▫Hold organizations accountable for their
own IT security weaknesses52
![Page 53: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/53.jpg)
Computer Forensics
•Combines elements of law and computer science to identify, collect, examine, and preserve data and preserve its integrity so it is admissible as evidence
•Computer forensics investigation requires extensive training and certification and knowledge of laws that apply to gathering of criminal evidence
53
![Page 54: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/54.jpg)
Summary•Ethical decisions in determining which
information systems and data most need protection
•Most common computer exploits▫Viruses▫Worms▫Trojan horses▫Distributed denial-of-service attacks▫Rootkits▫Spam▫Phishing, spear-fishing, smishing, vishing
54
![Page 55: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/55.jpg)
Summary (cont’d.)
•Perpetrators include:▫Hackers▫Crackers▫Malicious insider▫Industrial spies▫Cybercriminals▫Hacktivist▫Cyberterrorists
55
![Page 56: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/56.jpg)
Summary (cont’d.)•Must implement multilayer process for
managing security vulnerabilities, including:▫Assessment of threats▫Identifying actions to address vulnerabilities▫User education
• IT must lead the effort to implement:▫Security policies and procedures▫Hardware and software to prevent security
breaches•Computer forensics is key to fighting
computer crime in a court of law
56
![Page 57: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/57.jpg)
Homework 3 (Week 4)
•Pick a case study from the end of Chapte 3 (3rd or 4th edition)
•In a Word document, discuss the case study in 3-4 paragraphs
•Answer the questions at the end of the chapter
•Submit your document before week 4, in APA style
57
![Page 58: CIS 318: Ethics for the IT Professional Week 3](https://reader036.fdocuments.in/reader036/viewer/2022062321/56813727550346895d9eb345/html5/thumbnails/58.jpg)
Questions?
58