MIDTERM QUIZ

1. You are the CEO of a three-year-old software manufacturer that has several products and annual revenues in excess of 500 million dollars. You've just received a recommendation from the manager of software development to hire three notorious crackers to probe your software products in an attempt to identify any vulnerabilities. The reasoning is that if anyone can find a vulnerability in your software, they can. This will give your firm a head start on developing parches to fix the problems before anyone can exploit them. You're not sure, and feel uneasy about hiring people with criminal records and connections to unsavory members of the hacker/cracker community. What would you do?

=I will find and hire people that is good in hacking and people who can not share to others the information that he will discover about our software's for safety.If they can find vulnerabilities about our software I will hire people who can fix the software to back the software's guard and help the software hardened to any hackers in the future and before the other hackers exploits.


3. You are the CFO (Chief Finance Officer) of a midsized manufacturing firm. You have heard nothing but positive comments about the new CIO (Chief Information Officer) you hired three months ago. As you observe her outline what needs to be done to improve the firm's computer security, you are impressed with her energy, enthusiasm, and presentation skills. However, your jaw drops when she states that the total cost of computer security improvements will be 300, 000 dollars. This seems like a lot of money for security, given that your firm has no major incident. Several other items in the budget will either have to be dropped or trimmed back to accommodate this project. In addition, the 300, 000 dollars is above your spending authorization and will require approval by the CEO. This will force you to defend the expenditure, and you are not sure how to do this. You wonder if this much spending on security is really required. How can you sort out what really needs to be done with out appearing to be micromanaging or discouraging the new CIO?

=I will invetigate the new CIO because 300,000 dollars is very lot of money for computer security improvements if there something wrong about the new CIO I will fire him but if there's no wrong I will go to CEO to tell that 300,000 dollars is the budget for computer security improvements whats is 300,000 dollars if your computer security is very good.