Week 09 – IT Risk Management
Online discussion questions – Nov 7
- In IT Adventures Ch. 10, why did Mr. Wells, IVK’s legal counsel, request to “pull the plug”?
- What would have happened if Mr. Barton pulled the plug at the request of Mr. Wells?
- What would be the worst possible ramifications from the incidents in Ch. 10?
- How would you explain “set up parallel systems built from development files, then switch over to those” to your non-IT boss?
- What are the reasons for IVK to disclose the security incidents? What would be the reasons not to disclose?
- From IT Adventures Ch. 17, what is Mr. Williams’ point with respect to his poker analogy? What is Mr. Barton’s point with respect to his risk escalator analogy?
In-class discussion questions – Week 10 (Nov 7)
- What would be the ramifications of the incident in IT Adventures Ch. 10? (Imagine the worst.)
- Why did Mr. Wells, IVK VP of Legal, demand to pull the plugs?
- How would you explain “wipe production servers clean, and rebuild the production configuration” (p. 170) to Mr. Williams?
- Among the three options in Ch. 11, what is the least costly option? What is the most costly option?
- What is the most conservative option? What is the most risky option?
- What are the reasons to disclose the security incidents? What would be the reasons not to disclose?
Online discussion questions – Oct 31
- In what ways can a relationship between a parent and a tutor go sour? How can a contract prevent or resolve it?
- What are the other examples of “incentive salaries” for restaurant servers?
- How would you explain the difference between a distributed denial of service (DDoS) attack and an intrusion to a non-IT boss or colleagues?
- If an intrusion did indeed occur and it was the intruder who changed the database index file, why would he/she have done it?
Week 9 – IT Risk Management – class slides and video (UPDATED)
How Target Blew It – BusinessWeek (http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data)
Week 9 – IT Adventures Ch. 10 and 11 – Brief Guidelines
- What happened at IVK on Thursday, June 28?
- What are the issues with regard to disclosure?
- What are the three recovery plans? What is Mr. Barton’s recommendation and why did he recommend it?
- What is Mr. Williams’ decision?
In-class discussion questions – Week 9 (Oct 31)
- If you were Mr. Barton, how would you explain the situation in Chapter 10 to your CEO, Mr. Carl Williams, in English?
- If you were Mr. Barton, how would you explain the situation in Chapter 10 to Wall Street analysts you’re scheduled to meet today?
- Did an attacker or attackers intrude into IVK’s systems?
- How would you explain the difference between a distributed denial of service (DDoS) attack and an intrusion?
- How would you explain “transaction is jammed up” or “the database is corrupted” (p. 164-165)?
- What is meant by “Apparently a database index file had been somehow renamed, and another substituted in its place”? (p. 167)
- Why can’t IVK figure out whether an intrusion occurred or something else happened?
- What is the “rush-a-change-into-production” thing? (p. 166)
- For Cho to find evidence of an intrusion, what does he need?
- What would be the ramifications of this crash? (Imagine the worst.)
- Why did Mr. Wells, IVK VP of Legal, demand to pull the plugs?
- How would you explain “wipe production servers clean, and rebuild the production configuration” (p. 170) to Mr. Williams?
- Among the three options in Ch. 11, what is the least costly option? What is the most costly option?
- What is the most conservative option? What is the most risky option?
- What are the reasons to disclose the security incidents? What would be the reasons not to disclose?