Attachment # 00005891 - Writing_Sample.docx
Writing_Sample.docx (47.93 KB)
Raw Preview of Attachment:
(refer to the detailed question and attachment below)
763905104775The Running Head is used to identify pages which belong to the same piece of work. Max length = 50 characters. Capitalize as shown.00The Running Head is used to identify pages which belong to the same piece of work. Max length = 50 characters. Capitalize as shown.3248025209550Title page is numbered starting with 1. Page numbers go in header, right aligned.00Title page is numbered starting with 1. Page numbers go in header, right aligned.APA Writing Sample: TitleName9810751556385Margins must be at least 1” for top, bottom, left, right. See p. 229. Use same setting for all 4 margins.Recommended page lengths for student assignments are based upon 1” margins.00Margins must be at least 1” for top, bottom, left, right. See p. 229. Use same setting for all 4 margins.Recommended page lengths for student assignments are based upon 1” margins.April 2, 20144562475-428625Double space lines in paragraphs.00Double space lines in paragraphs.514350-47625Indent paragraphs ½” 00Indent paragraphs ½” Introduction8858252426970Level 2 Heading 00Level 2 Heading 37814252341245Level 1 Heading, pp. 62-63 00Level 1 Heading, pp. 62-63 3905250893445Consistent fonts and font sizes throughout the paper. Times New Roman 12 is recommended for readability and professional appearance.00Consistent fonts and font sizes throughout the paper. Times New Roman 12 is recommended for readability and professional appearance.Writing as Anonymous (2003), the Chief Information Security Officer (CISO) of a major United States (US) corporation told a chilling tale of email based extortion attempts against employees who had received extortion threats via email sent to their corporate email addresses. The corporation, its managers, and the individual employees who were targeted faced a number of issues and dilemmas as they responded to security incident caused by the extortion attempts. In the following analysis, one issue–the enforcement of acceptable use policies–is discussed and critiqued.AnalysisThe Attack9334501377315Do not put an extra line between paragraphs or between paragraphs and headings. 00Do not put an extra line between paragraphs or between paragraphs and headings. Drive by download attacks occur when a legitimate Web server has been infected with malware or malicious scripts which deliver malware, pornography, or other objectionable material along with the Web page content that the visitor was expecting to see (Microsoft, 2014; Niki, 2009). These types of attacks are difficult to detect and often result in the infection of large numbers of visitors before the infection is detected and removed from the Web site. In this attack, computers used by the affected employees (victims) were compromised by a drive by download attack (Microsoft, 2014) which resulted in the download of pornographic materials while they were browsing websites which, in turn, had been compromised (Anonymous, 2003). The attackers also obtained each visitor’s email address from the Web browser. Extortion emails were sent to victims demanding credit card payment of hush fees. The extortionists told the victims exactly where the contraband files were located on the computer hard drive and assured the victims that it was impossible to remove those files.Why the Problem Went Unreported17716501430655Level 3 Heading 00Level 3 Heading Anonymous (2003) discovered that he was dealing with “paranoid users who don't trust security people” (p. 1). There are many possible reasons why employees turn into paranoid users who are unwilling to self-report for security incidents, even those which are accidental. Two such reasons are enforcement of zero tolerance for violations and perceptions of unfairness or a lack of justice. 24384002040255Level 3 Heading 00Level 3 Heading Zero tolerance. The previous CISO implemented a zero tolerance policy with respect to acceptable use policy (AUP) violations (Anonymous, 2003). Under this zero-tolerance policy, a number of employees were terminated (fired), without due process or hearings to establish guilt or innocence. When employees began receiving extortion emails and threats, they believed that their jobs could be placed at risk, regardless of their innocence or guilt with respect to downloading of pornography to company computers, if they reported the presence of pornographic files (pushed to the computer by the extortionists). Perceptions of fairness and justice. When employees feel that IT policy enforcement is unfair, the situation is usually accompanied by extreme and long-lasting negative feelings or emotions (Flint et al., 2005). The overall result (consequences) in this instance was an increase in unethical behavior as victims attempted to hide or cover-up the extortion attempts (lying) rather than asking their employer for assistance and protection from harm (Moor, 1999). This undesirable result is, in part, due to the employer’s failure to consider the consequences of the application of the zero tolerance policy. Incident ResponseThe new CISO treated the extortion situation as a security incident rather than as an employee disciplinary problem (Anonymous, 2003). He and his IT Security Staff investigated the situation and learned that (a) the company’s employees regularly received such threats and (b) some of them had paid the extortionists rather than risk losing their jobs. The CISO directed the IT Security Staff to reconfigure firewalls and other network security appliances to block all further emails containing extortion keywords or from the known IP addresses for the extortionists. The CISO also met with IT staff members to determine what additional protective actions could be taken. Finally, the new CISO met with the IT staff and other selected employees to determine what actions needed to be taken to encourage employees to come forward (self-report) in the future and decrease the atmosphere of fear and distrust that he had inherited.Summary and ConclusionsIn this article, the author highlighted some of the problems that can arise when employers emphasize adherence to rules rather than seeking a balance between rules and outcomes (Anonymous, 2003). The company’s zero-tolerance enforcement of its acceptable use policy resulted in undesirable outcomes, particularly the creation of an atmosphere of fear and secretive behavior. This, in turn, resulted in employees being unwilling to report security incidents. To avoid this problem in the future, corporate management should review the potential negative consequences or outcomes of policy enforcement and address specific circumstances with compassion rather than hardline enforcement (Reynolds, 2007). ReferencesAnonymous. (2003, February 3). A sordid tale. CSO Online. Retrieved from https://web.archive.org/‌web/‌20031119054351/‌http://‌www.‌csoonline.‌com/‌read/‌020103/‌undercover.htmlFlint, D., Hernandez-Marrero, P., & Wielemaker, M. (2005). The role of affect and cognition in the perception of outcome acceptability under different justice conditions. The Journal of American Academy of Business, 7(1), 269-277.Microsoft. (2014). Microsoft security intelligence report. Retrieved from http://www.microsoft.com/security/sir/glossary/drive-by-download-sites.aspxMoor, J. H. (1999). Just consequentialism and computing. Ethics and Information Technology, 1(1), 61-69.Niki, A. (2009, December). Drive-by download attacks: Effects and detection methods. Paper presented at the 3rd IT Student Conference for the Next Generation. Retrieved from http://www.kaspersky.com/fr/images/drive-by_download_attacks_effects_and_detection_methods.pdfReynolds, G. W. (2007). Ethics in information technology (2nd ed.). Boston, MA: Thompson Course Technology.
Tech Research

Tech Research

Question # 00071652 Posted By: maniac504 Updated on: 05/19/2015 04:23 AM Due on: 05/24/2015
Subject Computer Science Topic General Computer Science Tutorials:
Question
Dot Image
I am requesting assistance with this computer science assignment
Dot Image
Attachments
Tech_Transfer_Research_Paper_-.docx (19.26 KB)
Tech_Notes.docx (58.35 KB)
Writing_Sample.docx (47.93 KB)
Tutorials for this Question
  1. neil2103
    Tutorial # 00066385 Posted By: neil2103 Posted on: 05/19/2015 05:21 AM
    Puchased By: 3
    Tutorial Preview
    The solution of Tech Research...
      Get the Solution
    Attachments
    technology_transfer_reserch.docx (21.02 KB)
  2. neil2103
    Tutorial # 00067258 Posted By: neil2103 Posted on: 05/24/2015 08:24 PM
    Puchased By: 3
    Tutorial Preview
    The solution of Tech Research...
      Get the Solution
    Attachments
    technology_transfer_reserch.revised__.docx (21.31 KB)
Whatsapp Lisa