INFA660 - Exam question and answer PDF

Title INFA660 - Exam question and answer
Author Yemmy Bello
Course The Law, Regulation and Ethics of Information Assurance
Institution University of Maryland Global Campus
Pages 3



Description

1. Computer Fraud and Abuse Act (CFAA)

This key cybersecurity law makes it a federal crime to intentionally access a computer without authorization or to exceed authorized access. Explain the issue(s) presented by the CFAA term, “authorization,” using recent example(s), and how it could be improved/corrected.

Computer Fraud and Abuse Act (CFAA)

One major problem with the CFAA is that its language is open to broad interpretation. It prohibits accessing a computer without authorization but never defines authorization. Another issue is that criminal activities are increasing day by day, and the reason is the open interpretation, which is why everyone could potentially break this law. For example, there has been a debate over whether using Facebook at work is a violation of the CFAA when it is an activity prohibited by the company or organization. Apart from criminal activity by the general public, the CFAA creates a variety of difficulties for a number of people trying to do their jobs: a class of security researchers claim that they are at risk of being charged under the CFAA for professional password strength testing as well as for security flaw research. One of the most prominent cyber-crime cases (Dave Smith, 2013) was that of the computer researcher, programmer and hacker Aaron Swartz, who was charged under the CFAA with unauthorized use of someone else's data. He was charged for bulk-downloading journal articles using a computer hidden in a closet at MIT. He potentially faced 35 years in prison and some hefty fines as well.

The issues in this law can be improved by taking some initiatives. Congress could use its powers to focus federal law enforcement resources on international and inter-jurisdictional threats. Additionally, fiscal restraint usually makes risky and expensive international investigations hard to justify. Congress should pursue a policy of federalism, which would allow law enforcement agencies to deal with increasing cyber-crime and take responsibility for prohibiting such purely domestic malicious cyber activities. All these suggestions would make the resources of federal law enforcement agencies more available for clear and ambitious investigations that strongly implicate the federal government's powers.

2. Bring Your Own Device (BYOD) and Acceptable Use

BYOD means that devices employees own are being used for work. Discuss how an organization can/should manage the use of personal devices. What are the most important restrictions the organization can impose on work use? On personal use? Why are these limits important? How can they be established and enforced?

Bring Your Own Device (BYOD) and Acceptable Use

Using personal devices entails the expensive work of reimbursement, which means either tracking business use or prorating the user's individual portion of monthly phone/internet bills, keeping the details transparent. With transparent details of the user's billing, including cell phone and internet, the bills are not surprising, which is especially important for employees travelling internationally for business (Lisa, 2012). The organization could manage the use of personal devices by restricting employees who want to use personal devices (computers and mobiles) at the workplace to authorized software only. The IT department and supervisor should be authorized to approve the usage of personally owned devices with authorized access. The IT department must require users to follow the same rules when accessing their own devices as when accessing organization-issued devices. There should be no relaxation that allows the service to be used in violation of the law. Users would not be allowed to violate the security of any network or of another user, and attempts to send junk/spam mail should be discouraged.

An organization can restrict unauthorized use of its network by setting up a virtual desktop infrastructure, which is a protocol for managing the data of an organization and keeping it from unauthorized personal access. This will ensure the protection of data from outside access, and keep the data on users' personally owned devices safe and private. Information security and the tools that are created to store and distribute information are vital to the long-term health of an organization. The purpose of establishing a BYOD and acceptable use policy for an organization is to make employees understand it and participate, encouraging them to take proactive measures. Such approaches can encourage employees to identify problems and report them to a supervisor to get a satisfactory solution.

References

Curtiss, Tiffany. "Computer Fraud and Abuse Act Enforcement: Cruel, Unusual, and Due for Reform", 2016.

Dave Smith. "Aaron Swartz Case: U.S. DOJ Drops All Pending Charges Against The JSTOR Liberator, Days After His Suicide", International Business Times, 2013.

Lisa Ellis; Jeffrey Saret; Peter Weed. "BYOD: From company-issued to employee-owned devices", 2012.

