MIDTERM EXAM

MPSALE 515
INFORMATION SECURITY PROTECTION

1. How important is computer ethics? Give some examples to support your

answer.

In this modern era where cyberworld is part of our system, computer

ethics is highly important because; it regulates online privacy and safety, it tells
us how to use computers ethically, and it helps to deter online crimes such as
cyber piracy, plagiarism, identity theft, cyberbullying and cyber stalking, and
promotes moral and social values in society.
In observance of computer ethics, we must avoid using computer to harm
people such as creating bomb or destroying other people’s work, users should
not use a computer for stealing activities like breaking in to a bank or company,
make sure a copy of software had been paid by the users before it is use-
intellectual product, and lastly people must not use other people computer
resources without authorization because it can be declared as hacking.

2. Using your favorite search engine conduct a search for each of the
cyberattacks listed below. Your search will likely turn up multiple results
ranging from news articles to technical articles.
a. Home Depot Security Breach
b. Target Credit Card Breach
c. Sony Pictures Entertainment Hack
Read the articles found from your search and discuss your research on the
who, what, when, where, and why of each attack by answering the following
questions for every case.
1. Who were the victims of the attacks?

Home Depot Security Target Credit Card Sony Pictures

Breach Breach Entertainment Hack

- Home Depot US stores -Target Corp. - SONY employees

customers costumers, resulted
in 40 million card
 numbers and 70
million personal
records stolen

2. What technologies and tools were used in the attack?

Home Depot Security Target Credit Card Sony Pictures

Breach Breach Entertainment Hack

- unknown variant of -BLAKPOS - the attacker GOP or

malware Guardians of Peace
used cyber terrorism
-potential breach of
through Shamon wiper
customer credit- or
malware
debit-card data

3. When did the attack happen within the network?

Home Depot Security Target Credit Card Sony Pictures

Breach Breach Entertainment Hack

-September 2014 - November and - November 24, 2014

December 2013

4. What systems were targeted?

Home Depot Security Target Credit Card Sony Pictures

Breach Breach Entertainment Hack

-Home Depot’s network -TARGET SYSTEM - Sony Pictures

ITSELF Entertainment System

5. What was the motivation of the attackers in this case? What

did they hope to achieve?

Home Depot Security Target Credit Card Sony Pictures

Breach Breach Entertainment Hack
-
 - money -money -political aspect

6. What was the outcome of the attack? (stolen data, ransom,

system damage, etc.)

Home Depot Security Target Credit Card Sony Pictures

Breach Breach Entertainment Hack

-customer’s credit card -customer’s credit - leakage of confidential

information had been card information had data from the film studio
compromised resulted been compromised Sony Pictures to the
in 56 million consumer resulted in resulted media,
credit card data were in 40 million card
exposed numbers and 70

3. Analyze Your Online Behavior

Below are a few important online safety tips.
a. The more information you share on social media, the more you allow an
attacker to know you. With more knowledge, an attacker can craft a much
more targeted attack. For example, by sharing with the world you went to a
car race, an attacker can craft a malicious email coming from the ticketing
company responsible for the race event. Because you have just been to the
event, the email seems more credible.
b. Reusing passwords is a bad practice. If you reuse a password in a service
under attackers’ control, they may be successful when attempting to log in as
you in other services.
c. Emails can be easily forged to look legitimate. Forged emails often contain
links to malicious sites or malware. As a general rule, do not click embedded
links received via email.
d. Do not accept any unsolicited software, especially if it comes from a web
page. It is extremely unlikely that a web page will have a legitimate software
update for you. It is strongly recommended to close the browser and use the
operating system tools to check for the updates.
e. Malicious web pages can be easily made to look like a bank or financial
institution website. Before clicking the links or providing any information,
double-check the URL to make sure it is the correct web page.
f. When you allow a program to run on your computer, you give it a lot of power.
Choose wisely before allowing a program to run. Research to make sure the
 company or individual behind the program is a serious and legitimate author.
Also, only download the program from the official website of the company or
individual.
g. USB drives and thumb drives include a tiny controller to allow computers to
communicate with it. It is possible to infect that controller and instruct it to
install malicious software on the host computer. Because the malware is
hosted in the USB controller itself and not in the data area, no amount of
erasing or anti-virus scanning will detect the malware.
Question: After analyzing your online behavior, what changes would
you make to protect yourself online?
The changes that I would like to change to protect myself in the world of
internet are; giving my debit card information or using it to pay on my online shopping,
using the same password, and clicking malicious web pages that looks like bank or
financial institution website.

4. What is risk management? Why is the identification of risks, by listing assets and their
vulnerabilities, so important to the risk management process?

Risk management is mitigations or series of steps to be considered to

prevent or reduce the likelihood of the risk event occurring with relation to their
cost and the reduction of risk exposure, it could also be a the contingency plan
to recover asset once risk is manifested. In addition, it is important to identify the
risk by listing assets and vulnerabilities so that the IT managers or the CISO in
charge in the system could react quickly in such information risk and having its
own other plan aside form the usual contingency plan.