Chapter 8 Case Exercises
Charlie was just getting ready to head home when the phone rang. Caller ID showed it was Peter.
“Hi, Peter,” he said into the receiver. “Want me to start the file cracker on your spreadsheet?”
“No thanks,” Peter answered, taking the joke well. “I remembered my passphrase. But I want to get your advice on what we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the value in using it for certain kinds of information, but I’m worried abou forgetting a passphrase again or even worse, that someone else forgets a passphrase or leaves the company. How would we get their files back?”
“We need to use a feature called key recovery, which is usually part of PKI software,” said Charlie. “Actually, if we invest in PKI software, we could solve that problem as well as several others.”
“OK,” said Peter. “Can you see me tomorrow at 10 o’clock to talk about this PKI solution and how we can make better use of encryption?”
1. Was Charlie exaggerating when he gave Peter an estimate for the time that would be required to crack the encryption key using a brute force attack?
2. Are there any tools that someone like Peter can use safely, other than key recovery, to avoid losing his or her passphrase?
Chapter 9 Case Exercise
Amy walked into her office cubicle and sat down. The entire episode with the blond man had taken well over two hours of her day. Plus, the police officers had told her the district attorney would also be calling to make an appointment to speak to her, which meant she would have to spend even more time dealing with this incident. She hoped her manager would understand.
1. Based on this case study, what security awareness and training documents and posters had an impact in this event?
2. Do you think that Amy should have done anything differently? What would you have done in the situation in which she found herself?
Chapter 10 Case Exercise
1. What project management tasks should Kelvin perform before his next meeting?
2. What change management tasks should Kelvin perform before his next meeting, and how do these task fit within the project management process?
3. Had you been in Kelvin’s place, what would you have done differently to prepare for this meeting?
Chapter 11 Case Exercise
After her meeting with Charlie, Iris returned to her office. When she had completed her daily assignments, she pulled out a notepad and began to make some notes abou the information security position Charlie had offered her.
1. What questions should Iris ask Charlie about the new job, about Kelvin’s team, and about the future of the company?
2. What questions should Iris ask Kelvin about the new job?
Chapter 12 Case Exercise
More info on case exercise on page 577
1. What area of the SP 800-100 maintenance model addresses the actions of the content filter described here?
2. What recommendations would you give Sequential Label and Supply Company for how it might select a security management maintenance model?