Discussions

Module 1 Discussion Question

Search "scholar.google.com" for a company, school, or person that has been the target of a network 

or system intrusion? What information was targeted? Was the attack successful? If so, what changes 

were made to ensure that this vulnerability was controlled? If not, what mechanisms were in-place to protect against the intrusion.

Module 2 Discussion Question 

Search "scholar.google.com" for a company or school that has defined the role of end-users in the creation of a contingency plan. 

Discuss why it is (or is not) important to include end users in the process of creating the contingency plan? What are the possible pitfalls of end user inclusion? 

Module 3 Discussion Question 

Search "scholar.google.com" for a company or school that has reported issues, problems, concerns about their backup procedures. 

Discuss the issue of securing backups. There have been several incidents lately in which backup media containing personal customer information were lost or stolen. How should backup media be secured? What about off-site storage of backups? 

Module 4 Discussion Question 

Search "scholar.google.com" or your textbook. Discuss the technical skills required to have a CSIRT response team consisting of employees with other job duties (i.e., not a full-time CSIRT job category)? Why or why not? What factors will influence their decision? 

Module 5 Discussion Question 

Search "scholar.google.com" or your textbook. Discuss what role end-users typically play in incident reporting? Should end users be encouraged to report suspicious occurrences? If so, why; if not, why not. What factors typically influence the end-user decision to report (or not report) a potential incident?