1. List and assess at least three kinds of damage a company could suffer when the integrity of a program or company data is compromised. (A description of damage, not a definition of data integrity, is required.)
2. Acme Films produces advertisements for cable television stations. They have two locations in a large metropolitan area. Building 1 contains the administrative, sales, marketing, human resources, development, and graphics departments. Building 2 contains the sound stages, production and post-production facilities, equipment, and mobile unit storage. The two buildings, five miles apart, are connected by a VPN using a T1 connection. Each location is protected by hardware firewalls and each location has a DMZ. Building 1's DMZ includes Web, FTP, DNS, and e-mail servers. Building 2's DMZ includes an FTP server from which clients can access work product. Network-based IDS systems are placed in the DMZs. There are 75 Windows XP workstations in each location. Workstation security is centrally managed and includes anti-virus, anti-spyware, and patch management. File, application, database, and print servers at each location are protected by anti-virus, anti-spyware, and patch management. Internet access is provided to users via a proxy server and NAT.
User authentication is controlled by Windows 2008 Active Directory and users must authenticate by using a smart card and entering a PIN. Discretionary access control methods are in use.
List and assess three security threats faced by the information technology systems, and list and describe one security control that would be appropriate to address each threat.
3. You are designing a program that will be able to detect if any of the standard operating system files on a PC have been modified. You decide to use cryptography to accomplish this. Describe how cryptography can be used to meet your goal.
4. You have been asked to give a presentation to a law school class on digital crime. After the presentation, a student asks why so few people are actually prosecuted for computer crime when these crimes seem to be happening all the time. Give a five-point outline of your response to this question. Assess the impact on preventing crimes from your perspective given these issues.
5. After reading about attacks on servers similar to the ones used in one of your company's departments, the CIO has asked you to come up with a report as to what, if any, steps should be taken with your servers. List and describe the steps you would need to take in order to complete a detailed report.
6. Are ethics a matter of absolute right and wrong or are they changeable? Can an ethical person consider something to be wrong and then, later, consider that same thing to be right while still being ethical? Explain your reasoning. (Points: 40)
7. Which of the following statements is true?
From a legal point of view, it is easier to return software to a store because it doesn't meet your needs than it is to do so because the software is of poor quality.
If a programmer is i) supervised in his work, ii) subject to being fired by his employer, iii) directed in his work by his employer, and iv) under contract for the work he is doing, it is most likely true that the programmer is considered the author of the work he has produced.
A civil judge cannot find that a plaintiff has been harmed and hold a defendant liable if the defendant has violated no written law.
It is easier to prove guilt in a criminal case than it is in a civil case.
A company is not required to protect trade secrets in order to maintain legal protection of the proprietary information.
8. Assess why technical means to assure data confidentiality depend upon trust.