Effects of Technology

Discussion Questions

1. Imagine that you are designing a smishing scam that involves sending text to people to entice them to go to a website and provide personal information that you can use to access their checking account.
   • Open a new Microsoft® Word document and craft a text message that would be difficult for people to ignore.
   • Design a simple web page that would look legitimate to people who bank at your bank and that would capture their checking account number and PIN.
2. A successful DDoS attack requires the downloading of software that turns unprotected computers into zombies under the control of the malicious hacker. Should the owners of the zombie computers be tracked down, identified, and fined or otherwise punished as a means of encouraging people to better safeguard their computers? Why or why not?
3. Briefly describe the difference between a risk assessment and an IT security audit.
4. Identify and briefly discuss a real-world example of a legitimate organization using spam in an effective and nonintrusive manner to promote a product or service.
5. Briefly describe the difference between reasonable assurance and risk assessment.
6. Some IT security personnel believe that their organizations should employ former computer criminals who now claim to be white hat hackers to identify weaknesses in their organizations’ security defenses. Do you agree? Why or why not?
7. The National Security Agency (NSA) works to detect and prevent threats to National Security Systems, which includes systems that handle classified information or are otherwise critical to military or intelligence activities. The NSA plays a vital role in our national security by providing America’s leaders with critical information they need to defend our country, save lives, and advance U.S. goals and alliances globally. Tailored Access Operations (TAO) is a group of super hackers within the NSA that collects intelligence about foreign targets by breaking into their computers, stealing data, and monitoring communications. TAO is also responsible for developing programs that could destroy or damage foreign computers and networks via cyberattacks if commanded to do so by the president. What sort of personal characteristics would be important in selecting a candidate for the NSA super-secret Tailored Access Operations organization? What would be some of the pros and cons of such a position? Would you consider taking such a position? Why or why not?
8. Hundreds of a bank’s customers have called the customer service call center to complain that they are receiving text messages on their phone telling them to access a website and enter personal information to resolve an issue with their account. What action should the bank take?
9. How would you distinguish between a hacktivist and a cyberterrorist? Should the use of hacktivists by a country against enemy organizations be considered an act of war? Why or why not? How about the use of cyberterrorists?