Lecture # 9 (Part 2) Sony Reels from Multiple Hacker Attacks

Question 1:

Do some research on the Sony PSN debacle. What are the new cost estimates for the incident? How many customers have left Sony because of the incident? Have there been any reports of fraudulent use of identities obtained from the hack? Has Sony’s PlayStation Network being hacked again?

The costs from the PlayStation Network hack are expected to total $171 million. It was reported that Sony PSN has loses 10% of the existing customers. As at today, there is no any reports of fraudulent use of identities obtained from the hack and no Sony’s PlayStation Network reported being hacked again

Question 2:

Gaming and virtual services on the Internet, like Sony’s PSN, World of Warcraft, and Second Life, boast millions of users. For each user, this service must store credit card information. What must these organizations do to protect the private information of their customers? Is it even reasonable to assume that any organization can have protection measures in place to stop the world’s best hackers?

The organization must have a strong security barrier against the potential hacker or other potential risk. The organization should have a better system and firewall to protect the information. In the meantime, it is not reasonable that to assume that any organization can have protection measures in place to stop the world’s best hackers because we cannot predict when the hackers will attack the system again. No matter how well any protection measures taken, there is a potential risk that the system is being hacked.

Question 3:

If an extremely intelligent hacker is caught by a law enforcement agency, should that hacker be prosecuted and sent to jail? Is there perhaps way that the hacker might be “turned’ for the good of the digital world? What would that be?

Law being law and there is no one can escape once committed a crime, therefore the hacker should deserve the punishment. However, the hacker can be "turned" for the good of the digital by helping organization to strengthen the security system using his/her hacking knowledge. Perhaps, they can join a anti-virus software company make good use of their knowledge.  

Question 4:

Every survey taken of business regarding data breaches has found that many businesses are reluctant to publicly announce a data breach. Further, most business will downplay the significance of the breach. Why do organizations behave like this? What is there to gain by not operating in a transparent fashion? Is this an ethical issue, a legal issue or both?

This is because announcing the breach will affects the business and the customers will loss their confidence to the company's services. Other than covering a problem temporary, there is nothing a company can gain by not operating in a transparent fashion. This matter involved both legal and ethical issue. 

Question 5:

What’s your personal identity theft story? Has someone used your credit card fraudulently? How many phishing emails have you received in the last year? How often do you check your credit card report?

So far there is no any personal identity theft story  experience. As such, no one has used my credit card fraudulently. There are around two or three phishing emails received last year. I will check my credit report twice a year.

Lecture # 9 (Part1) - Sexting Now Almost Commonplace

Question 1

Adult sexting is perfectly legal, as it is the sharing of sexually explicit content between two consenting adult. But what about teen sexting – should that be legal? If a 16-year-old boy sends a sext to his 16-year-old partner, should that be considered child pornography? Why or why not?

Teen sexting is a highly controversial topic. Although many teens are sexually active, teen sexting should be illegal. Sexting is currently illegal under federal law. It falls under the creation, distribution, and possession of child porn and is a felony offense. This is because   teenagers do not have the emotional maturity to sext appropriately. Moreover, taking, possessing, and posting sexually explicit photographs of teenagers under the age of 18 is a form of pornograph.

 

Question 2

If you refer back to Figure 8.1 on page 228, where would you place adult sexting – a minor ethical violation, a serious ethical violation, or a very serious ethical violation? What circumstances – consequences, society’s opinion, likelihood of effect, time to consequences, relatedness, and reach of result – might move adult sexting from a minor ethical violation to a serious ethical violation and then finally on to a very serious ethical violation?

 

Adult sexting ethics are situational and subjective. Adult sexting between unmarried lovers is a serious ethical violation from a Christian standpoint. Conservative people may believe unmarried couples should abstain from sexual activities until after marriage. Some liberal people would likely view premarital sexting activity as only a minor ethical violation. People who are open minded, however, would not view sexting between unmarried lovers as a serious ethical violation.

Married couples can ethically engage in sexting activities. However, some conservative people might think the explicit language commonly used in sexts is a minor ethical violation.

 

 Typically, the ethical implications of sexting decrease when the circumstances shift from premarital sexting to marital sexting. The exception to this statement is when married couples use sexting to engage in extramarital affairs. Although some adults maintain open marriages, most people agree extramarital sexting is a very serious ethical violation. The severity of this violation increases when one spouse engages in explicit extramarital sexting without the husband or wife’s consent. The severity of the ethical violation would peak at a married adult engaging in explicit extramarital sexting with a minor. When a minor becomes involved in adult sexting activities, both ethical issues and legal issues arise

Question 3

Consider the whole notion of power being tied to sexting, flirting, and cheating. From a psychological point of view why might this be true? Do some research into Tiger Woods's troubles with extra-marital affairs. Could his cheating be tied to his position of power? Is “power” and the temptations that go with it an excuse for such behaviour?

Certainly, one’s position of or craving for power is related to one’s willingness to engage in sexting activities. People in positions of power feel they are above the law. Powerful people, such as athletes, celebrities, and politicians, often think they can engage in scandalous activities without getting caught or punished. For this same reason, many powerful people engage in extramarital affairs. These cheaters believe they are not or should not be bound to the traditional rules of marriage. Tiger Woods is a perfect example of this fact. Woods has proclaimed adamantly his love for his ex-wife. Nevertheless, Woods has used his celebrity status and power to engage women in sexually explicit behaviors and extramarital affairs. According to an article, Woods reportedly confessed to sleeping with 120 women. 

Wood’s cheating is tied directly to his position of power. First, many of Woods’ mistresses would not have engaged in sexual activities with Woods had he not been a powerful, wealthy celebrity. Second, Woods would not have had the means to woo so many mistresses had he not been a wealthy, powerful person. Woods has admitted to flying women on private jets to meet him in private hotels and resorts. Finally, although Woods clearly has sexual issues, he likely felt entitled to his affairs due to his power and status. In fact, Woods believed he could resolve the cheating issue with his wife by flaunting his wealth and power. Following the scandal, Woods reportedly told a friend, “I need to run to Zales and get a Kobe special—a house on a finger”. Woods’ quote references NBA superstar Kobe Bryant’s extravagant gift to his estranged wife following his cheating scandal

Another provocative aspect of the power-cheating connection is the wife’s response to the scandal. Interestingly, after receiving her expensive gift, Bryant’s wife chose to stay married to Bryant. Woods was not so lucky. However, even in light of the gross cheating allegations, Woods’ wife, Elin Nordegren, was hesitant to leave her husband.

Seemingly, even the wives of powerful men are willing to bend the marital rules for philandering husbands in order to continue living luxurious lives. Many wives chose to ignore the signs of affairs and to live in blissful ignorance. Unfortunately, this well-known mindset further enables powerful men to engage in unethical behaviors.

Power is never an appropriate justification for corrupt actions. Using power to solicit women or to engage in extramarital affairs is abuse of power. Even though conducting extramarital affairs and communicating with paramours through electronic affairs are not illegal activities, these activities are highly unethical. Thus, people engaging in such behaviors should be removed from their positions of power.

Question 4

What role can and should employers play in limiting (perhaps eliminating) sexting in the workplace? What about employee-to-employee sexting? What about employee-to-customer sexting? Regarding the latter, what sort of legal liability does an organization have if an employee sends an unwanted and unwelcome sext to another employee or to a customer?

If a company’s employer does issue phones and tablets to your employees there are some steps you can take to help prevent sexting and other unwanted behavior. First, you can notify your employees that anything they send over employer-issued devices will be made available to you. You should eliminate any expectation of privacy that your employees have over the device. You may also want to install a security application in the device that records keystrokes and data uploads and notify your workers that you installed the application. Company phones are your property and you have the right to take these steps so long as you let your employees know about your monitoring and eliminate their expectations of privacy.
If recording your employee's keystrokes seem too harsh or invasive, you can take a different approach by simply educating your employees about the dangers of texting including the legal troubles they can get into. It can help to include examples in your presentation of seemingly smart workers who got into trouble after sexting.

Employee-to-customer sexting can destroy the business relationship between both parties. There is no legal liability for the company, but it will have business or financial liability. This is because the liability of sexting should fall under individual liability. However, sexting will definitely jeopardize the business partnership.

Lecture # 8 (Part 1) Public "Personal" Clouds

Question 1:

Do some research on Amazon’s Cloud Drive.  What is the amount of free storage space? What is the annual cost for additional storage? What about Apple’s iCloud? Is it still free? Does Microsoft charge anything for use of its SkyDrive cloud service?

Amazon is currently having a free 5 GB storage space, the annual cost for additional storage is starting from $10 annually depending on the usage size. 

For Apple's iCloud, it offers 5GB of free storage and charges according with the extra storage.

For Skydrive, it offers 7GB free and additional charges are depending to the capacity by annually basis. For example, 20GB for USD 10 per year, 50GB for USD 25 per year and 100 GB for USD 50 per year

Question 2:

Putting all your personal information in the cloud means letting go of some control over information like your tax files, personal photos that you might not want anyone else to see, term papers you’re currently writing, and so on. What is your level of concern for the security of these personal digital assets in the cloud? Explain why your level of concern is high or low

My level of concern is very high. This is because all the information stored are private and confidential. If the information was stolen, it will not only loss of data but also potentially monitory loss due to personal information being stolen and causes unnecessary inconvenience.

Question 3:

As we move more of our personal storage needs to the cloud, will computers really need disk storage space? Is it possible that we’re in the early stages of an outrageous industry transformation? Who are the major manufacturers of disk storage for personal computers and laptop?

Even though  we move more of our personal storage needs to the cloud, we still need disk storage space for backup or other purposes. We are already in the early stages of an outrageous industry transformation. 

The major manufacturers of disk storage for personal computers and laptop are Seagate, Western Digital, Kingston, and Toshiba

Question 4:

If you choose to store all your personal information in the cloud, you’ll need a personal continuity plan, much like organizations have business continuity plans in case of some sort of disaster. Suppose that right now you begin storing all your personal information, what will you also back up onto a flash drive? How often would you perform the backup information on your computer’s hard drive?

For the information store in the cloud, i will backup all the information in my flash drive. Depends on the whether there is any update and changes, i will normally backup the information once a month. For information in the computer's hard drive, i will backup it once a week.

Question 5:

Do some research on personal cloud providers. What sort of service level agreement (SLA) do they offer? Are you willing to store your information with a personal cloud provider that offer no SLA? Why or why not.

A service-level agreement (SLA) is a part of a service contract where a service is formally defined. In practice, the term SLA is sometimes used to refer to the contracted delivery time (of the service or performance). As an example, Internet service providers and telcos will commonly include service level agreements within the terms of their contracts with customers to define the level(s) of service being sold in plain language terms.

I will not store my information with a personal cloud provider that offer no SLA. This is because SLA will state clearly that the roles and responsibilities of a provider including the duty to keep the information in a secure way. Without SLA, it is definitely no favour to the customers because the services are not stated clearly

Lecture #8 (Part 2) - Denver Health Operates with a private cloud and thin clients

Question 1: Privacy laws and regulations require medical facilities to take measurable steps to ensure the confidentiality of patient information. From this case study, can you tell what Denver Health has done to ensure the confidentiality of its patient information?

Denver Health did create security measures to ensure that only the proper people can access the information. Doctor’s and nurses when they first arrive to work they sign on by inserting a smart card which contains that doctors or nurses credentials, once the smart card is inserted the end user still also has to supply their login and password. The help ensures that if a card is lost or stolen a random person or a different doctor or nurse is not able to use and look at other patient information.

Question 2: Think about your school, how could it use the ThinIdentity solution to support the technology needs of (1) faculty and (2) students such as yourself?

It can help institutions allocate consumption of resources (chargeback) by different services or departments to better prioritize IT spend. By taking advantage of the private cloud across servers, desktops, and applications, education institutions can:

-          reduce cost. Help reduce physical server sprawl and total cost of ownership of hardware

-          simplify desktop management. Provide optimal desktop solutions for different user needs, while reducing IT complexity

-          improve access to applications. Help increase academic institution agility through on-demand access to applications, and enable anywhere access for students and faculty

-          integrate technologies. Minimize application and OS compatibility issues. 

For student, ThinIdentity can help to facilitate the dynamic learning, teaching, and research activities in a university. It centralized the computing and storage resources, this gives a great convenience to schools and department across university to self-provision computing environment, enable lecturers and students to easily access to the necessary information immediately and efficiently.

Both students and faculty could use it for quick access to student records. As a student I could then see if what classes are open, if any are available to audit, etc. all from the thin client. It would also allow for the faculty to have greater manageability.

Question3: In thinking about cloud computing (focusing on the public cloud), what role could it play in business continuity planning for Denver Health? That is , how could the public cloud act as a backup for Denver Health’s private cloud?

Denver health would be benefitting from the public cloud in two ways: from the computing capacity and also from the storage aspect, both on a private level. The public cloud could be an option for Denver Health’s business continuity planning. The public cloud could be used as a tool or backup solution for Denver Health’s private cloud. Denver Health could work with a company such as Amazon Web Service or AWS to create a backup cloud. In the case that all of Denver Health’s assets go down, they would then still be able to access their information that they worked with Amazon in putting into the public cloud. They can also work with Amazon and their public cloud with a colocation facility. This would allow for Denver Health to still be able to access information on the chance that something catastrophic happens at their data center.
 
When disaster strikes the company, and data “lost,” the public cloud can help in a less costly way than having servers at a separate site. Data on the cloud is delivered through a web portal belonging to a cloud service provider. The only expense is that of the resources consumed. This is how public cloud act as a backup for Denver Health’s private cloud.

Overall, the future of cloud computing and storage is a strong and solid one. Denver Health should be aware of not entering a long-term agreement with a cloud provider. A benefit of cloud storage is that you can switch companies if a better deal becomes available. The information is not locked to one carrier, if a firm decides to switch. Additionally, in order to minimize a recovery phase, the hospital should be sure to use a cloud provider that has a fast recovery phase. Much research should be done before any major decision is made, but there are definitely solid reasons to use the public cloud as a backup for Denver Health’s private cloud.


Question 4
If Denver Health were to give each patient a smart card, log-on name, and password, which functions, features, and information could benefit patients? What security would have to be in place to ensure that patients have access to only their own information?

Patients would be able to look at their own personal patient history such as office visits, test results, prescriptions, anything that is related to that patient. Patients could also then utilize the tool to see if and when their doctor is going to be in the office and try to schedule a visit. Denver Health could also take it one step further and allow for patients and the doctors to interact. With a patients history right there if a patients is asking questions or looking at symptoms doctors would be better able to diagnose for minor ailments not requiring an office visit from the patient.
There would still have to be security measures in place. Each user would have to have their own login and password. This would be similar to what is in place with online banking. Many customers bank, but with their login information they are only able to access their own accounts and not another customers.


Question 5
How could Denver Health extend the ThinIdentity solution beyond its brick-and-mortar walls? How would it work (i.e., need to change) to have doctors and nurses log on from home or use a mobile device such as a Blackberry or iPhone? 
 
Denver Health could expand ThinIdentity outside of its brick-and-mortar walls, Denver Health could expand their solution to users with smartphones. If Thinidentity is going to be utilized on a smartphone Denver Health is going to have to create an application that allows for only registered users to access, or create a VPN connection on the device and then only be able to access ThinIdentity from behind the VPN.


Question 6
The reduction in physician log-on time is an efficiency metric. What are some effectiveness metrics that could justify Denver Health’s use of ThinIdentity? 
 
I think Denver Health could take a look at employee satisfaction as one of their metrics. It will be essential that the nurses, doctors and everyone else who is using ThinIdnentity has a positive view of it. If ThinIdentity is well liked the users are going to be more inclined to use it the way that Denver Health wants them to.
Denver Health will also want to look at how ThinIdentity impacts their long-term objectives. Has the implementation created better patient care, is Denver Health realizing more dollars per patient, or doctors seeing more patients.

Lecture #7 (Part 2) - Tablets Take Their Place in the PC market

Computers, using some AI techniques like those we discussed in Chapter 4, can learn.  In the classroom while a child is using a tablet PC to learn the basics of addition, how can software be developed to aid in the learning process? 

 

Based on the learning styles of a person, a software can be developed particular in 3 aspects to aid the learning process:

  

Aural (or Auditory) Learners

These learners generally prefer to hear information. They will typically learn most easily from lectures, group discussions, music, web chats, or talking things through. Often people with this style will process things by talking about them, rather than talk about things after they've processed them.

Aural learners benefit from the aid of a software by being able to clearly hear what is happening; being able to see what is happening is less important. They might choose to study by reading aloud with the aid of software, and they benefit from verbalizing what they've learned.

With the aid of software, a aural learner repeat the hearing process by listening to a proper pronunciation and attractive voice without the aid of a teacher and hence fasten the learning process

Visual Learners

Maps, charts, diagrams, graphic organizers, patterns and shapes—these are some of the best tools for visual learners. They tend to be "big-picture" people and are often interested in layout and design. Individuals who prefer this learning style generally can grasp information more quickly (and more thoroughly) when it is organized graphically than they would if that same information were explained aloud.

A software can assist in presenting the learning materials in the form of graphics, diagrams in helping visual learns to absorbs the learning materials in a more effective way. 

 

Kinesthetic Learners

The word kinesthetic means movement, and certainly these learners prefer to learn by doing something physical (such as a hands-on activity or a field trip). But there's more to it than that. Some researchers have defined this style as preference for learning related to experience and practice—in other words, they prefer their learning to be connected with reality. Certainly physical activities accomplish this.

A software can be designed to provide a interactive interface to allow a kinesthetic learners to experience the leaning process in order to strengthen their learning process.

  

Does this mean that teachers are no longer needed for some subjects?  Are teachers needed in earlier grades while computer-based training can take over in later grades?  Why or why not ?

 The teachers are still needed for some subjects whether in earlier grades or later grades. This is because despite the usefulness of the technologies, a human interaction is required to teach and facilitate the learning process. In addition, there are many values and knowledge can not be teach directly through a computer.

Question 2

End-user systems, like those that allow patrons to order meals on an iPad, must be “idiot proof.”  (We apologize for the crudeness of that term.)  That is, systems must be usable without training and created in such a way, for example, that a patron at one table can’t accidentally change the order of a patron at another table.  What does this mean for systems development?

 

This means that the system must be developed in such a way which is intelligent enough a place an order. 

Can complex and complicated end-user systems be developed and deployed on tablet PCs so that people can use the systems without training and without intervention by a knowledgeable person such as a waiter or waitress?

Yes. The development of the system should heading to a more complicated and complex end-user system without training and without intervention by a knowledgeable person such as a waiter or waitress.

As discussed above, we still need to emphasized on the human interaction when come customer service particularly in a service industry. 

Question 3

What security issues are involved in allowing people to pay with tablet PCs?  Does this payment process make it easier for someone to steal your credit card information? 

 The securities issues involved can be the theft of personal information which is private and confidential and causing financial losses by using tablet PC.

Are you comfortable using a restaurant-supplied technology to enter your credit card information?  Why or why not ?

Not confortable. This is because the restaurant supplied technology is not 100% guaranty the information will be prevented from theft or be used for other purposes. 

Question 4

What will happen to offshore outsourcing for software development?  Can outsourcing firms in India and China for example be expected to develop software systems for use in U.S. schools?  Can those same firms be expected to develop systems that meet FAA rules and restrictions ?

Offshore outsourcing will help the further boost of software development because there is sharing of information, expertise and intellectual.

There is no any issue for India and China to develop software system use in US schools. Although there is a geographical barrier but through an effective communication, those developed software can meet the standard and requirements in US.

Yes, those same firms can be expected to develop system which meets the rules of FAA and restriction so long as a good communication and the compliance matter are met by the developer.