Case Project 2:
Read the following Case Study and answer the questions at the end in paragraph form.
XYZ Security Auditors was hired to determine if he could gain access to the network servers of a department store chain that contained important proprietary information. The chief information system officer (CISO) of the department store chain boldly proclaimed that breaking into the servers by the auditor would be “next to impossible” because the CISO “guarded his secrets with his life.” The auditors were able to gather information about the servers, such as the locations of the servers in different areas and their IP addresses, along with employee names and titles, their email addresses, phone numbers, physical addresses, and other information.
The auditors also learned that the chief executive officer (CEO) had a family member who had battled through lupus which does not have a cure. As a result the CEO became involved in lupus fundraising. By viewing the CEO’s entry on Facebook, he was also able to determine his favorite restaurant and sports team.
The auditors then called the CEO and impersonated a fundraiser from a lupus charity that the CEO had been involved with before. They stated that those individuals who made donations to this year’s charity event would be entered into a drawing for prizes, which included tickets to a game played by the CEO’s favorite sports team and gift certificates to area restaurants, one of which was the CEO’s favorite.
The CEO was very interested in the fake charity event, the auditors said that they would email him a PDF document that contained more information. When the CEO received the attachment he opened it, and a backdoor was installed on his computer without his knowledge. Auditors were then able to retrieve the company’s sensitive material. (When the CISO was later informed of what happened, he called it “unfair”; the auditors responded by saying, “A malicious hacker would not think twice about using that information against you.”)
Now pretend that you are an employee of that company and that it is your job to speak with the CISO and CEO about the security breach.
What would you say to them? Why?
What recommendations would you make for training and awareness for the company?
Write a letter to the CISO and CEO explaining the breach and what steps are taken to prevent this from happening in the future.
Case Project 3:
Choose one of the following threats, use the Internet to research and answer the questions, and write a one-page paper on your research: DoS Attacks, Arbitrary/Remote Code Execution Attacks, Injection Attack Defenses, Zero-Day Attacks, Buffer Overflow Attacks.
How do these attacks commonly occur?
How are the vulnerabilities discovered?
What are the defenses to protect against these attacks?
What are some of the most well-known attacks that have occurred?
...
Case Project 2 Read the following Case Study and answer the que
1. Case Project 2:
Read the following Case Study and answer the questions at the
end in paragraph form.
XYZ Security Auditors was hired to determine if he could gain
access to the network servers of a department store chain that
contained important proprietary information. The chief
information system officer (CISO) of the department store chain
boldly proclaimed that breaking into the servers by the auditor
would be “next to impossible” because the CISO “guarded his
secrets with his life.” The auditors were able to gather
information about the servers, such as the locations of the
servers in different areas and their IP addresses, along with
employee names and titles, their email addresses, phone
numbers, physical addresses, and other information.
The auditors also learned that the chief executive officer (CEO)
had a family member who had battled through lupus which does
not have a cure. As a result the CEO became involved in lupus
fundraising. By viewing the CEO’s entry on Facebook, he was
also able to determine his favorite restaurant and sports team.
The auditors then called the CEO and impersonated a fundraiser
from a lupus charity that the CEO had been involved with
before. They stated that those individuals who made donations
to this year’s charity event would be entered into a drawing for
prizes, which included tickets to a game played by the CEO’s
favorite sports team and gift certificates to area restaurants, one
of which was the CEO’s favorite.
The CEO was very interested in the fake charity event, the
auditors said that they would email him a PDF document that
contained more information. When the CEO received the
2. attachment he opened it, and a backdoor was installed on his
computer without his knowledge. Auditors were then able to
retrieve the company’s sensitive material. (When the CISO was
later informed of what happened, he called it “unfair”; the
auditors responded by saying, “A malicious hacker would not
think twice about using that information against you.”)
Now pretend that you are an employee of that company and that
it is your job to speak with the CISO and CEO about the
security breach.
What would you say to them? Why?
What recommendations would you make for training and
awareness for the company?
Write a letter to the CISO and CEO explaining the breach and
what steps are taken to prevent this from happening in the
future.
Case Project 3:
Choose one of the following threats, use the Internet to
research and answer the questions, and write a one-page paper
on your research: DoS Attacks, Arbitrary/Remote Code
Execution Attacks, Injection Attack Defenses, Zero-Day
Attacks, Buffer Overflow Attacks.
How do these attacks commonly occur?
How are the vulnerabilities discovered?
What are the defenses to protect against these attacks?
3. What are some of the most well-known attacks that have
occurred?
