Online discussion questions – Nov 7

Published November 7, 2016 | By Min-Seok Pang, Ph.D.

In IT Adventures Ch. 10, why did Mr. Wells, IVK’s legal counsel, request to “pull the plug”?
What would have happened if Mr. Barton pulled the plug at the request of Mr. Wells?
What would be the worst possible ramifications from the incidents in Ch. 10?
How would you explain “set up parallel systems built from development files, then switch over the those” to your non-IT boss?
What are the reasons for IVK to disclose the security incidents? What would be the reasons not to disclose?
From IT Adventures Ch. 17, What is Mr. Williams’ point with respect to his poker analogy? What is Mr. Barton’s point with respect to his risk escalator analogy?

In-class discussion questions – Week 10 (Nov 7)

Published October 31, 2016 | By Min-Seok Pang, Ph.D.

What would be the ramifications of the incident in IT Adventures Ch. 10? (Imagine the worst.)
Why did Mr. Wells, IVK VP of Legal, demand to pull the plugs?
How would you explain “wipe production servers clean, and rebuild the production configuration” (p. 170) to Mr. Williams?
Among the three options in Ch 11, What is the least costly option? What is the most costly option?
What is the most conservative option? What is the most risky option?
What are the reasons to disclose the security incidents? What would be the reasons not to disclose?

Published October 31, 2016 | By Min-Seok Pang, Ph.D.

In what ways can a relationship between a parent and a tutor go sour? How can a contract prevent or resolve it?
What are the other examples of “incentive salaries” for restaurant servers?
How would you explain the difference between a distributed denial of service (DDoS) attack and an intrusion to a non-IT boss or colleagues?
If an intrusion was indeed occurred and it was the intruder who changed the database index file, why would he/she have done it?

Published October 31, 2016 | By Min-Seok Pang, Ph.D.

Published October 24, 2016 | By Min-Seok Pang, Ph.D.

What happened at IVK on Thursday, June 28?
What are the issues with regard to disclosure?
What are the three recovery plans? What is Mr. Barton’s recommendation and why did he recommend it?
What is Mr. Williams decision?

Published October 24, 2016 | By Min-Seok Pang, Ph.D.

If you were Mr. Barton, how would you explain the situation in Chapter 10 to your CEO, Mr. Carl Williams, in English?
If you were Mr. Barton, how would you explain the situation in Chapter 10 to Wall Street analysts you’re scheduled to meet today?
Did an attacker or attackers intrude inside of IVK’s systems?
How would you explain the difference between a distributed denial of service (DDoS) attack and an intrusion?
How would you explain “transaction is jammed up” or “the database is corrupted” (p. 164-165)?
What does it mean by “Apparently a database index file had been somehow renamed, and another substituted in its place”? (p. 167)
Why can’t IVK figure out whether an intrusion occurred or something else happened?
What is the “rush-a-change-into-production” thing? (p. 166)
For Cho to find evidence of an intrusion, what does he need?
What would be the ramifications of this crash? (Imagine the worst.)
Why did Mr. Wells, IVK VP of Legal, demand to pull the plugs?
How would you explain “wipe production servers clean, and rebuild the production configuration” (p. 170) to Mr. Williams?
Among the three options in Ch 11, What is the least costly option? What is the most costly option?
What is the most conservative option? What is the most risky option?
What are the reasons to disclose the security incidents? What would be the reasons not to disclose?