Reference no: EM131898221

Part 1: What Would You Do? Scenario #3

The purpose of this exercise is to practice integrating ethics into the decision-making process by addressing Internet crime.

On page 119 of the textbook, review scenario #3. Describe how you would handle this scenario using the five-step decisionmaking

process provided in the textbook. Your response to Part 1 should be at least one page.

3. You are a member of the Human Resources Department of a three-year-old software manufacturer that has several products and annual revenue in excess of $500 million.

You've just received a request from the manager of software development to hire three notorious crackers to probe your company's software products in an attempt to identify any vulnerabilities. The reasoning is that if anyone could find a vulnerability in your software, they could.

This will give your firm a head start on developing patches to fix the problems before anyone can exploit them. You're not sure, and you feel uneasy about hiring people with criminal records and connections to unsavory members of the hacker/ cracker community. What would you do?

Part 2: Case #1 - Defending Against Distributed Denial-of-Service Attacks

The purpose of this exercise is to think critically about ethical considerations for an IT-related scenario on denial-of-service attacks.

On pp. 120-121 of the textbook, analyze Case #1. Answer the discussion questions that follow the case, and reference the specific ethical approaches (see page 22 in the textbook) that inform your answers. Your response to Part 2 should be at least one page.

. Defending Against Distributed Denial-of-Service Attacks A DDoS attack can easily cost an organization tens of thousands of dollars per minute in lost revenue and worker productivity.

In addition, in the fallout from such an attack, an organization may find its customers switching to competitors due to a loss of confidence resulting from the bad publicity. Financial and travel service firms and various e-commerce Web sites are frequent targets of DDoS attacks. During the fall of 2012, powerful DDoS attacks were directed at the Web servers of several major U.S. banks.

The DDoS attack directed 65 Gbps of data traffic at each bank server-the network equivalent of an F5 hurricane-effectively making the server inaccessible to customers. The attack repeated itself at one bank after another. Over the course of a few weeks, Bank of America, Capital One, JPMorgan Chase, PNC Financial Services, Regions Financial, Sun Trust, US Bank, and Wells Fargo were all hit.

Particularly alarming is that the banks were not able to completely fend off the attacks-the attackers simply stopped on their own to avoid being iden- tified. The parties responsible for these attacks have not been positively identified, but suspects include Hamas, an Islamic group called the Izz ad-Din Al-Qassam Cyber Fighters, the hacktivist group Anonymous, cybercriminals based in Eastern Europe, and hackers in Saudi Arabia and Iran.

44 SpaFinder is a spa and wellness company that sells spa, wellness, and beauty gift cards and rewards programs that draw millions of clients to its global network of spas, fitness studios, and wellness practitioners.

45 A recent DDoS attack hit SpaFinder's 24/7 call center, making it impossible for customers to access the Web site to view content, make purchases, redeem gift certificates, or spend rewards points. SpaFinder's Web hosting service was unable to deal with the attack. In desperation, SpaFinder technical support people contacted a DDoS mitigation service company that was able to get their site back up and running in less than 24 hours.

46 DDoS mitigation service organizations monitor clients' network equipment for signs of a DDoS attack. If such an attack is detected, all traffic is rerouted from the client Web site to the service provider over a dedicated high-speed network link for traffic "scrubbing." This process allows the service provider to use powerful servers to inspect the data traffic for anomalies.

All legitimate traffic is forwarded back to the customer for routine processing; all attack traffic is dropped. In addition to contracting with a DDoS mitigation service provider, security experts recom- mend that organizations (1) develop and practice a standard operating procedure to follow in the event of a DDoS attack; (2) maintain contact information for their ISP and hosting providers that includes names and phone numbers for whoever should be contacted during a DDoS attack and what information they will need; and (3) prioritize network services to identify what services could be turned off or blocked if needed to limit the effects of the attack.

Discussion Questions

1. Outline a quantitative approach for justifying the use of a DDoS mitigation service to protect an e-commerce company such as SpaFinder. Can you identify any nonfinancial reasons to subscribe to a DDoS mitigation service? If so, what are they?

2. Identify three potential kinds of DDoS attackers of an e-commerce company such as SpaFinder. What would be the motive for each of these attackers?

3. Do research on the Web to find three DDoS mitigation service providers. How are their services similar? How are they different? Which DDoS service provider do you think is the best?

You will combine both Part 1 and Part 2 together in one document and submit it for grading .

your responses as Part 1 and Part 2. Cite the textbook in APA on a reference page for this assignment. The reference page does not count toward meeting the total page requirement for this assignment.