PART A

Now that you have started to read the book and think about infosec, possibly in a different way than before, think about the following questions…

In your everyday environment (at work, out shopping, in a public place, etc.), have you ever noticed something insecure? And if so, what? In other words, have you seen something (anything) where you just said to yourself, “A person could exploit that in about five seconds and cause some real problems”? What would/did you do?

“I am not asking this so that you can take potshots. I live life as a professional paranoid (although I try not to let that creep into my personal life!), looking for ways in which I can exploit systems. That’s part of what you will need to do, as well…. in order to secure a system, you need to think *not* like a defender, but like an attacker… and there is always a weakest link.” ~ comment from Course Developer

Discuss and interact regularly with your classmates, bringing the discussion to a close by the end of Week 2.

PART B (respond to following discussion)

1.The first thing that comes to mind when I think about infosec is the whole life insurance policy I bought last Tuesday. The agent came into my home, pulled out her tablet, connected to the internet through her personal hotspot. I took immediate notice of this and asked if she needed to connect to my connection. I then proceeded to ask her what kind of controls are used to protect my data, my social security number, my income, full address and my beneficiary’s social security number are now on her tablet connected to a hot spot from her phone. She was not able to provide me an answer. She said she really had no idea what kind of procedures were in place. She also stated that she almost never connects to anyone’s in home Wi-Fi, or places that offer such as Starbucks. This young lady is a product of the information generation, she has the world at her fingertips. I bet she thinks about how to protect customers PII now. In addition to our credit being vulnerable if their systems are hacked, there could also be HIPPA violations as you know, there are a lot of health questions involved when purchasing life insurance.

Another thought while reading the first chapter of the text, who guards the planes overnight! Never crossed my mind until I read that in the book and now just another stressful thought when entering an airport. I especially like the eye opening in the first chapter discussing the bank, military base and hospital. Many people enter hospitals everyday for various reasons. We trust the staffs inside to heal us and our loved ones. In early 2003, I went through a very life saving surgery where an entire organ was removed. I was young and very much interested in the medical of it all. I asked if I could have the organ, you know in a sealed jar. They said no, it is going to research at the University of Florida. I never questioned another thing about it. After reading the hospital section of chapter one, I now wonder if my privacy was ever violated. If my name and information was somehow not encrypted on the files and specimens.

2. There are multiple examples of security flaws that I have seen- data breaches, PII passed unencrypted, computer screens being left unlocked, long & less secure password requirements etc. However, the first one that came to mind was supervisory control and data acquisition (SCADA) systems. Concerns the security of these critical infrastructure systems has been around for years, however not much progress has been made. In fact, SCADA systems are becoming more vulnerable as more of these systems use commercial IoT technology and cloud-computing services and an attack could lead to disastrous effects on the public (Do, 2017). For instance, back in 2008, a teenager in Poland derailed four trams after hacking into SCADA equipment using a modified television remote control (McCarthy, 2013). These threats could be mitigated by using a combination physical and software security measures to provide authentication and accountability (Al Hamadi, Yeun, & Zemerly, 2013) or through SSL/TLS methods (Patel, 2008).

Another example is how the U.S. uses credit card chips. On a recent trip to New Zealand, I noticed that whenever I used a card with a chip reader, I had to sign the receipt, which confused the local vendors. Turns out in their country, they use the more secure Chip-and-Pin option instead of Chip-and-Signature because anyone can forge a signature, and most cashiers do not verify if your signature matches the one on the card (Harkness, 2018).

References

Al Hamadi, H. M., Yeun, C. Y., & Zemerly, M. J. (2013). A Novel Security Scheme for the Smart Grid and SCADA Networks. Wireless Personal Communications, 73(4), 1547-1559. doi:10.1007/s11277-013-1265-y

Do, V. L. (2017). Security of SCADA systems against cyber–physical attacks. IEEE Aerospace and Electronic Systems Magazine, 32(5), 28-45. doi:10.1109/MAES.2017.160047

Harkness, B. (2018, August 08). Chip Credit Cards: EMV, Chip-and-PIN, and Chip-and-Signature. Retrieved from Credit Card Insider: https://www.creditcardinsider.com/learn/chip-and-s…

McCarthy, J. &. (2013). SCADA threats in the modern airport. International Journal of Cyber Warfare and Terrorism (IJCWT), 3(4), 32-39. Retrieved from https://search-proquest-com.ezproxy.libproxy.db.er…

Patel, S. C. (2008). Securing SCADA systems. Information Management & Computer Security, 16(4). Retrieved from https://search-proquest-com.ezproxy.libproxy.db.er…

 

"If this is not the paper you were searching for, you can order your 100% plagiarism free, professional written paper now!"