HW 1 S1
Homework 1
Due a week after the first class at 11:59 pm
Read the assigned articles in D2L. Answer the questions below. The answers must demonstrate that you have substantively engaged with the material and that you haven’t simply Googled the question and copied and pasted the answer.
1. Why don’t people immediately install software patches?
2. Who makes decisions that have cybersecurity effects?
3. Scenario: A patch is released for a critical security flaw in a system Alice manages. What are the benefits to the organization of installing the patch? What are the costs?
4. Scenario: Bob gets a new laptop. After he installs all the latest patches, he wonders if he should install his organization’s recommended virus scanner. What are the potential costs? What are the potential benefits?
5. What are the economic incentives for cybercrime?
6. What are the economic incentives for cybersecurity?
7. Who makes decisions in cybersecurity, and what kinds of decisions do they make? Are there people who weren’t discussed in class?
8. Are there people who don’t make cybersecurity decisions?
9. An economist recently argued that the cost of cyberattacks is so low compared to the amount of money people spend on cybersecurity that companies should not spend money on cybersecurity. Instead, they should take the cost of the attack and pay to clean up. What is wrong with this argument? What is useful about it?
10. What are some non-monetary incentives for hacking? Why do people hack?
Simulation 1
You are the Chief Information Security Officer of a small company. You have a set of controls that let you set the level of password complexity required and what websites are not allowed on company computers.
The simulation is available at the following URL:
https://wsray3.casl.umd.edu/cv313/sim03/index.html
After you set the security policy for a day, hit the submit button, and you will see the consequences of that policy, both in emails from users/stakeholders and in sales.
Use the simulation tool to try different security policies. Observe what the consequences are for different combinations of policies. Answer the questions listed below.
1. What happens when you set policies to be extremely stringent?
2. What happens when you set policies to be extremely lenient?
3. What other situations in a business context might show the same kinds of tradeoffs?
4. What situations in a home computer environment might show the same kinds of tradeoffs?
5. What indicators can a person who is trying to assess security policy use to tell if that policy is having the intended effect?
6. What, if anything, happened that you did not expect to happen in this simulation?