Business Driven Technology 7Th Edition Baltzan Solutions Manual Full Chapter PDF
BUSINESS PLUG-IN B6
Information Security
LEARNING OUTCOMES
1: Describe the relationship between information security policies and an information
security plan.
Information security policies identify the rules required to maintain information security, such as
requiring users to log off before leaving for lunch or meetings, never sharing passwords with
anyone, and changing passwords every 30 days. An information security plan details how an
organization will implement the information security policies. The best way a company can
safeguard itself from people is by implementing and communicating its information
security plan.
2: Provide an example of each of the three primary information security areas: (1)
authentication and authorization, (2) prevention and resistance, and (3) detection and
response.
• Authentication and authorization: Authentication is a method for confirming users’ identities.
Once a system determines the authentication of a user, it can then determine the access
privileges (or authorization) for that user. Authorization is the process of providing a user with
permission including access levels and abilities such as file access, hours of access, and
amount of allocated storage space.
• Prevention and resistance: Content filtering occurs when organizations use software that filters
content, such as emails, to prevent the accidental or malicious transmission of unauthorized
information. Encryption scrambles information into an alternative form that requires a key or
password to decrypt. In a security breach, a thief is unable to read encrypted information. A
firewall is hardware and/or software that guards a private network by analyzing incoming and
outgoing information for the correct markings.
• Detection and response: Intrusion detection software (IDS) features full-time monitoring tools
that search for patterns in network traffic to identify intruders.
CLASSROOM OPENER
GREAT BUSINESS DECISIONS – The American Express Charge Card
The product that led to the question “cash or charge?” was the American Express card, or, as
Forbes called it: “the late-twentieth-century piece of magic that replaced checks, money, and
charge accounts.” The American Express card, and every other charge card, evolved from the
company’s greatest invention, the traveler’s check, which was introduced in 1891. With an
American Express traveler’s check in hand, a visitor, otherwise unknown, could obtain hard cash in
a matter of moments. It was a whole new concept, selling people the honor of being trusted, and it
caught on. The security of carrying a traveler’s check instead of cash was one of its biggest
benefits. The security of carrying a credit card instead of cash was an even bigger benefit.
American Express celebrated its 100th birthday in 1950, and its staying power can be ascribed to
its understanding that “A credit card, in short, is not a mere commodity, [but] it says something
about the person who uses it.” The company understood that the card could be considered much
more than financial security; it could be a status symbol.
CLASSROOM EXERCISE
Analyzing Your School’s Security
Break your students into groups and ask them to research and review your school’s information
security plan and policies. Have them answer the following questions:
• What did the plan address that your students found surprising?
• What is the plan missing or failing to address?
• What policies were missing or not addressed appropriately?
• What policies should be added to the plan?
• How frequently should the plan be updated?
• Who should be responsible for updating the plan?
• Who should be asked for sign-off on the plan?
• How should the plan be communicated with all students and staff?
CLASSROOM EXERCISE
Pizza Video
I've used this video in a number of classes and can relate it to a variety of topics, from security and
ethics to system implementation and design:
https://www.aclu.org/ordering-pizza
Ask your students to identify the biggest security breach in this video: the user does not authenticate the
caller. If the phone were stolen, the order taker would literally give away all of his information.
CLASSROOM EXERCISE
Contemplating Sharing
People make arguments for or against—justify or condemn—the behaviors in the figure below.
Unfortunately, there are few hard and fast rules for always determining what is and is not ethical.
Knowing the law will not always help because what is legal might not always be ethical, and what
might be ethical is not always legal.
Information has no ethics. It depends on those who lord over the information to determine the
ethics surrounding the information. Like all information technology ethical dilemmas, it depends on
how it is used. If the user is downloading something that is not copyrighted, then the technology is
both legal and ethical. If the user is downloading something that is copyrighted, then the
technology is illegal and the behavior is unethical. Ask your students to provide a behavioral
example for each of the areas in the diagram. Discuss if you believe they are in the correct
location and how likely the students are to encounter such real dilemmas in the work environment.
CLASSROOM EXERCISE
FIRED FOR SMOKING ON THE WEEKEND
Despite data showing that each smoker costs their employer nearly $6,000 in lost productivity and higher
medical costs, employers are still bound by laws when it comes to smoker discrimination. In many states, it’s
illegal to discriminate against smokers, with worker rights advocates stating that employers have no
jurisdiction over what an employee does after work hours.
Some companies have begun to find ways to work around the law, including refusing to hire anyone with
traces of nicotine in their urine during routine drug testing. Other companies, fearing the legalities of such
hiring practices, have taken trickier measures to get around the law, such as banning smoking while within a
certain number of feet of the building, even if the employee is in their car. But whatever issues a business
faces involving its smokers, it’s important to be aware of a business’s rights when it comes to hiring, firing,
and disciplining nicotine-addicted workers.
Firing Smokers
In many cases, employers have no idea whether an employee smokes until that employee is on staff. Once
an employee has been identified as a smoker, firing that employee can be tricky. In some cases, courts have
upheld employers’ decisions to dismiss employees for smoking, even when the activities are taking place
after hours. The argument in many of these cases centers on health insurance premiums, which can be
higher for all employees, even if only some employees smoke.
Instead of firing employees, some workplaces are finding it far more valuable to implement smoking
cessation programs. These programs support workers in their attempts to quit smoking by offering seminars,
counseling, and substantial discounts for cessation aids like prescription medications and patches.
Workplaces have also found that tying their wellness programs into their insurance plans allows them to
reward those workers who take measures to get healthy with lower premiums, rather than punishing the
employees who smoke.
• Ask your students if they agree that employees should be fired for smoking cigarettes on the
weekend.
• If marijuana is legal in a state such as Colorado, does the employer have a right to fire the employee
for using marijuana on the weekend?
• If an employer is looking at your social media and sees a photo of you smoking a cigar at a bachelor
party, does the employer have the right to fire you?
• How do social media websites and surveillance devices impact employees’ privacy?
CLASSROOM EXERCISE
Doodling Password
Passwords are the first line of defense in protecting data, but strong passwords aren't enough. Users must
carefully guard their passwords and connections. For instance, administrators and technicians should be
subject to the same rules as users. In short, anyone with access to any part of the system should follow the
same general password guidelines.
Confidentiality
Some rules regarding passwords seem obvious, but don't take anything for granted. All password policies
should state the following in some form:
• Users should never share passwords with anyone else by speaking, writing, e-mailing, hinting at, or
blatantly supplying any password. In some cases, this might even apply to sharing a password with
in-house personnel such as a coworker, a direct supervisor, or even a head honcho. Help clients
decide how strictly they want to enforce this rule in-house.
• Users should never share passwords with other users who need to access your accounts in your
absence. If users need access to your data, they should arrange with their in-house administrator or
you to create a temporary account with the appropriate permissions.
• Users should never write down their passwords and leave them visible or easily accessible. That
includes taping the list to the back of a monitor or the bottom of a keyboard or thumbtacking it onto a
bulletin board. Also, don't leave a list of passwords in an unlocked desk drawer or file cabinet.
Protection
Passwords slow down a would-be data thief, whether they're internal or external, but systems also need to
react appropriately to a possible invasion. Help clients adopt the following policies, as appropriate:
• A good guess at a password can get an intruder into your system quicker than you might think. Limit
the number of times users can attempt to log on. You can help clients determine the right number
(it's usually between three and five). Once the user reaches the logon limit, the system should
automatically lock out the user for several minutes. The user can try again later or contact their
in-house administrator (or you) to release the account.
• Users should not use the following pieces of data when creating passwords (if the client's system
allows users to create their own passwords):
    • Any part of their name or their account name; any part of any family members' names; any part of a
    pet's name; any part of the company's name; any part of your name or your consultancy's name. In
    short, no names, period.
    • Any part of their social security number; any part of anyone's social security number.
    • Any part of their birth date; any part of anyone's birth date.
    • Any portion of their address; any portion of the company's address; any portion of your address.
    • Nicknames.
    • Slogans, logo text, company jingles, and so on.
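The logon limit and the banned-data rules above, sketched as an added example that is not part of the original manual. `LoginGuard`, `personal_data_hits`, the three-character match threshold, the 300-second lockout and the sample user are assumptions chosen for illustration.

```python
import re

MAX_ATTEMPTS = 3        # the text suggests between three and five
LOCKOUT_SECONDS = 300   # "several minutes"; 300 is an assumed value

def personal_data_hits(password, personal_data, min_len=3):
    """Return labels of personal-data fields that have any part
    (min_len or more characters, an assumed threshold) inside the password."""
    pw = re.sub(r"[^a-z0-9]", "", password.lower())
    hits = set()
    for label, value in personal_data.items():
        for token in re.findall(r"[a-z0-9]+", value.lower()):
            for i in range(len(token) - min_len + 1):
                if token[i:i + min_len] in pw:
                    hits.add(label)
    return sorted(hits)

class LoginGuard:
    """Counts consecutive failed logons and locks the account at the limit."""
    def __init__(self, max_attempts=MAX_ATTEMPTS, lockout_seconds=LOCKOUT_SECONDS):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.failures = {}       # user -> consecutive failed attempts
        self.locked_until = {}   # user -> time the lockout ends

    def attempt(self, user, password_ok, now):
        # While locked, even a correct password is refused.
        if now < self.locked_until.get(user, 0):
            return "locked"
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_attempts:
            self.locked_until[user] = now + self.lockout_seconds
            self.failures[user] = 0
            return "locked"
        return "denied"

    def release(self, user):
        """In-house administrator releases the account early."""
        self.locked_until.pop(user, None)
        self.failures.pop(user, None)

# Constructed sample data, not from the page.
SAMPLE_USER = {"name": "Dana Whitfield", "pet": "Rex", "ssn": "123-45-6789",
               "birth date": "1990-04-17", "company": "Acme Freight"}

if __name__ == "__main__":
    print(personal_data_hits("Rex!1990", SAMPLE_USER))
```
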
Access
An active connection requires no password — the user has already gone through the process of entering
their password to gain access. Anything that user can access is vulnerable if they leave their system
unattended. For that reason, it's imperative that users log off the network when they're done working or even
if they leave their workstation for a few minutes. Here are possible log-off rules clients may want to enforce
in a policy:
• Users should never leave an active connection unattended.
• Users should log off their network account when done working for the day.
• Users who store confidential data locally should never leave their systems unattended, even if their
confidential files are password protected. You can help users by enabling a password-protected
screen saver on their systems.
• Users who store confidential data locally should log off their PCs when done working.
Creating a strong password is becoming a work of art. Remembering that unique combination of 10 letters
and numbers can be a daunting task. Ask your students how they currently create passwords and, more
importantly, how they remember them.
CORE MATERIAL
The core chapter material is covered in detail in the PowerPoint slides. Each slide contains detailed
teaching notes including exercises, class activities, questions, and examples. Please review the
PowerPoint slides for detailed notes on how to teach and enhance the core chapter material.
1. FIREWALL DECISIONS
Project Purpose: To analyze a business decision regarding firewalls
Potential Responses: The total cost of the investment for three years is $125,000 (80 + (15
*3)). The company is currently losing $250,000 per year resulting from viruses and hackers.
Although the firewalls will only protect against 97 percent of hackers, it should be clear that
buying the firewalls is the best business decision.
1. Authentication and authorization - something the user knows such as a user ID and
password, something the user has such as a smart card or token, something that is part of
the user such as fingerprint or voice signature
2. Prevention and resistance - content filtering, encryption, firewalls
3. Detection and response – antivirus software