information security officer
Each response is limited to 300 words. DO NOT EXCEED 300 WORDS FOR EACH RESPONSE! The following criteria will be used for grading: relevance and correctness, completeness, clarity and logical flow, spelling, grammar, and proper citations/reference list.

EXAM QUESTIONS:

1. Ransomware Attack
You are the information security officer in a small company that sells products to the public. Your phone has been ringing all morning: customers cannot access your website. Your research reveals a bigger problem. Your customer, supplier and inventory data have all been encrypted, and you do not have the key. The boss has received an email demanding a ransom in exchange for the decryption key and restoration of your website. What should you do? Why?

2. Bring Your Own Device (BYOD) and Acceptable Use
BYOD means that devices employees own are used for work. Discuss how an organization can and should manage the use of personal devices. What are the most important restrictions the organization can impose on work use? On personal use? Why are these limits important? How can they be established and enforced?

3. Computer Fraud and Abuse Act (CFAA)
This key cybersecurity law makes it a federal crime to intentionally access a computer without authorization or in excess of authorized access. Explain the issue(s) presented by the CFAA term "authorization," using recent example(s), and how it could be improved or corrected.

4. The Privacy Act and Data Brokers
The Privacy Act governs the federal government's protection of certain data held in its systems of records. Explain how, or whether, that Act applies to data the government obtains from commercial data brokers.

5. Lifestyle Surveillance
Digitization, technology and applications allow us to monitor our physical activity and health statistics. Employers are increasingly interested in influencing or controlling the non-work, non-duty-hour activities of their employees. Describe the potential benefits employers could gain from collecting and using employee non-duty-hour lifestyle and health data (for example, whether employees exercise regularly, or whether they smoke). Document one example of an employer collecting or accessing information about employees' non-duty, health-related activities. Identify and explain the legal and ethical challenges to the practice of monitoring employees' off-duty lifestyle activities (for example, exercise and eating). This goes beyond workplace wellness programs.