Directions: Answer all 4 activity questions and cite sources in APA format. (References should be separate for each activity not combined)
2) After watching the two videos on Vulnerability Assessment, http://www.youtube.com/watch?v=EXyl0re1MZs and http://www.youtube.com/watch?v=GqhdQ6I6dMA, how can you use this methodology to combat risk? Describe a situation where you would use it and why? What challenges would you face in using it?
3) The election is over and there are issues pending in Congress that will be addressed beginning next year. One issue that is pending is new Cyber Security legislation. There is a growing concern over terrorism and hacktivism, and one piece of legislation currently proposed is discussed in the attached article.
Please review Cyber Security Legislation document and provide your assessment of the bill’s pros/cons and the impact it will have on privacy and the Internet. Keep in mind there are other bills on this same subject that are also being proposed. Do some research and compare and contrast the intent of other pieces of cyber security legislation that are relevant to the discussion.
4) What integration issues do merging companies face? What techniques can a security professional use to ease cultural differences? How would the security professional bring together both IT teams so they feel comfortable? One of the most “invisible” barriers to success is the feeling of other IT professionals or teams “loss of control”. How can you ease fears and build a positive team?
Google will soon know far more about who you are and what you do on the Web.
The Web giant announced Tuesday that it plans to follow the activities of users across nearly all of its ubiquitous sites, including YouTube, Gmail and its leading search engine.
Google has already been collecting some of this information. But for the first time, it is combining data across its Web sites to stitch together a fuller portrait of users.
Consumers who are logged into Google services won’t be able to opt out of the changes, which take effect March 1. And experts say the policy shift will invite greater scrutiny from federal regulators of the company’s privacy and competitive practices.
FAQ: What exactly will Google be able to collect and integrate? How does this affect me?
The move will help Google better tailor its ads to people’s tastes. If someone watches an NBA clip online and lives in Washington, the firm could advertise Washington Wizards tickets in that person’s Gmail account.
Consumers could also benefit, the company said. When someone is searching for the word “jaguar,” Google would have a better idea of whether the person was interested in the animal or the car. Or the firm might suggest e-mailing contacts in New York when it learns you are planning a trip there.
But consumer advocates say the new policy might upset people who never expected their information would be shared across so many different Web sites.
A user signing up for Gmail, for instance, might never have imagined that the content of his or her messages could affect the experience on seemingly unrelated Web sites such as YouTube.
“Google’s new privacy announcement is frustrating and a little frightening,” said Common Sense Media chief executive James Steyer. “Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out — especially the kids and teens who are avid users of YouTube, Gmail and Google Search.”
Google can collect information about users when they activate an Android mobile phone, sign into their accounts online or enter search terms. It can also store cookies on people’s computers to see which Web sites they visit or use its popular maps program to estimate their location.
The change to its privacy policies come as Google is facing stiff competition for the fickle attention of Web surfers. It recently disappointed investors for the first time in several quarters, failing last week to meet earnings predictions. Apple, in contrast, reported record earnings Tuesday that blew past even the most optimistic expectations.
Some analysts said Google’s move is aimed squarely at Apple and Facebook — which have been successful in building unified ecosystems of products that capture people’s attention. Google, in contrast, has adopted a more scattered approach, but an executive said in an interview that the company wants to create a much more seamless environment across its various offerings.
“If you’re signed in, we may combine information you’ve provided from one service with information from other services,” Alma Whitten, Google’s director of privacy for product and engineering, wrote in a blog post.
“In short, we’ll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience,” she said.
Google said it would notify its hundreds of millions of users of the change through an e-mail and a message on its Web sites. It will apply to all of its services except for Google Wallet, the Chrome browser and Google Books.
Still, some consumer advocates and lawmakers remained skeptical.
“There is no way anyone expected this,” said Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy group. “There is no way a user can comprehend the implication of Google collecting across platforms for information about your health, political opinions and financial concerns.”
Added Rep. Edward J. Markey (D-Mass), co-chair of the Congressional Privacy Caucus: “It is imperative that users will be able to decide whether they want their information shared across the spectrum of Google’s offerings.”
Google has increasingly been a focus of Washington regulators.
The company recently settled a privacy complaint by the Federal Trade Commission after it allowed users of its now-defunct social-networking tool Google Buzz to see contacts lists from its e-mail program.
And a previous decision to use its social network data in search results has been included in a broad FTC investigation, according to a person familiar with the matter who spoke on the condition of anonymity because the investigation is private.
Federal officials are also looking at whether Google is running afoul of antitrust rules by using its dominance in online searches to favor its other business lines.
Claudia Farrell, a spokeswoman for the FTC, declined to comment on any interaction between Google and regulators on its new privacy changes.
Reporting from Washington, 9 April 2012 — In spite of their hopes, Internet activists are finding that their efforts to keep the digital world free of further regulation did not end with SOPA’s defeat.
The Cyber Intelligence Sharing and Protection Act of 2011 is working its way through Congress, and is the latest proposed legislation to raise concerns among privacy activists. Introduced in November by Rep. Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.), the stated goal of CISPA is to create new channels for communication between government intelligence entities and private firms regarding potential and emerging cyber-security threats.
The communication would deal primarily with what the legislation deems “cyber threat intelligence,” which it defines as “information in the possession of an element of the intelligence community directly pertaining to a vulnerability of, or threat to, a system or a network of a government or private entity.”
The threats listed under the umbrella of cyber-threat intelligence include “efforts to degrade, disrupt or destroy” systems or networks, as well as “theft or misappropriation of private or government information, intellectual property or personally identifiable information.”
It’s the inclusion of intellectual property that’s a major point of contention for those looking at the bill’s broad language with a skeptical gaze. Many fear that CISPA is essentially a retooled version of SOPA, which was taken off the table in Congress after a concentrated effort by Internet giants such as Google, Wikipedia and Reddit, which either supported or held blackouts in protest of the bill.
Rainey Reitman and Lee Tien of the Electronic Frontier Foundation released a statement outlining their concerns about the inclusion of intellectual property in CISPA.
“It’s a little piece of SOPA wrapped up in a bill that’s supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property. An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns.”
Its supporters paint CISPA in another light, framing it as an essential national security safeguard and a shield against the continued targeting of U.S. businesses by “nation-state actors like China,” according to Rogers.
“Without important, immediate changes to American cybersecurity policy, I believe our country will continue to be at risk for a catastrophic attack to our nation’s vital networks – networks that power our homes, provide our clean water or maintain the other critical services we use every day,” Ruppersberger said in a statement celebrating the bill reaching 105 co-sponsors.
CISPA has the support of organizations that include AT&T, Facebook, IBM, Microsoft, Oracle, Symantec, the U.S. Chamber of Commerce, Verizon, with Facebook sending over a particularly supportive letter of endorsement.
The process by which CISPA facilitates information sharing revolves around the director of National Security, who would appoint members of the intelligence community as gatekeepers to weed through employees of firms seeking to link up with the government and grant security clearances as they see fit. The bill also would give the intelligence employee discretion to speed up the process.
Once given clearances, any concerns falling under the cyber-threat intelligence category that are exchanged between the government and private party would be “considered proprietary information” not to be divulged beyond the two parties without approval.