Sunday, December 7, 2014

11.1 - The Role of the Operations Department

Companies perform important “due care and due diligence” efforts, which include establishing correct policies, procedures, standards, and guidelines.

These due diligence efforts require the company to act responsibly, carefully, cautiously, and practically. It is important to identify systems and operations that are sensitive (meaning they need to be protected from disclosure) and critical (meaning they must remain available at all times).

Organizations consider many threats including disclosure of confidential data, theft of assets, corruption of data, interruption of services, and destruction of the physical or logical environment. The correct steps need to be taken to achieve the necessary levels of security while balancing various constraints.

Operations security departments ensure that people, applications, equipment, and the overall environment are properly and adequately secured.

10.3 - Software Development Life Cycle

The Software Development Life Cycle consists of requirements gathering, design, development, testing/validation, and release/maintenance.


  • Requirements gathering: determines why the software is being created, what the software will do, and for whom the software will be created
  • Design: deals with how the software will accomplish the goals identified
  • Development: programming software code to meet the specifications laid out in the design phase
  • Testing/validation: validating the software to ensure that the goals are met and the software works as planned
  • Release/maintenance: deploying the software and then ensuring that it is properly configured, patched, and monitored

Wednesday, December 3, 2014

10.2 - System Development Life Cycle

A life cycle is a representation of development changes. Systems have their own developmental life cycle, which is made up of the following phases: initiation, acquisition/development, implementation, operation/maintenance, and disposal. These together are referred to as a system development life cycle (SDLC).

  • Initiation:
    • Need for a new system is defined
  • Acquisition/development:
    • New system is either created or purchased
  • Implementation:
    • New system is installed into production environment
  • Operation/maintenance:
    • System is used and cared for
  • Disposal: 
    • System is removed from production environment

10.1 - Where Do We Place Security?

Different Environments Demand Different Security
- Network and security administrators are increasingly having to integrate various applications and computer systems to keep up with company demand.

Environment vs Application
- Application controls are very specific to their own needs and to the security compromises they understand.

Functionality vs Security
- Code security and functionality are inherently built in together.

9.3 - Ethics


  • Ethics are based on many different issues and foundations; because of this, they are interpreted differently on an individual basis.


  • Computer Ethics Institute is a nonprofit organization that works to help advance technology by ethical means.
  • The Computer Ethics Institute has developed its own Ten Commandments of Computer Ethics:
      1. Thou shalt not use a computer to harm other people.
      2. Thou shalt not interfere with other people’s computer work.
      3. Thou shalt not snoop around in other people’s computer files.
      4. Thou shalt not use a computer to steal.
      5. Thou shalt not use a computer to bear false witness.
      6. Thou shalt not copy or use proprietary software for which you have not paid.
      7. Thou shalt not use other people’s computer resources without authorization or proper compensation.
      8. Thou shalt not appropriate other people’s intellectual output.
      9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
      10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.

9.2 - Intellectual Property Laws

Intellectual property laws do not always concern themselves with what is right or wrong. Their main focus is on how organizations and individuals protect what they rightfully own from unauthorized use. This gives these entities options for what they can do if these laws are violated.
  • Trade Secret
    • This is something that is proprietary to an organization and vital for its profitability and survival.
    • For example, the trade secret that Coca-Cola owns is the formula used for their soft drink. This resource is highly confidential and protected with various security precautions and actions. Such actions could be both physical (safes and security surveillance) and legal (non-disclosure agreements).
  • Copyright
    • Denoted by a (©), copyrights protect the right of an original author to control the distribution, reproduction, display, and adaptation of an original work.
    • This law covers various types of work: pictorial, graphic, musical, dramatic, literary, pantomime, motion picture, sculptural, sound recording, and architectural.
    • It should be noted that, unlike trade secret law, copyright does not protect the specific resource; rather, it protects the “expression of the idea of the resource instead of the resource itself”.
  • Trademarks
    • These differ from copyrights in that they are used to protect words, names, symbols, sounds, shapes, colors, and any combination of these.
    • Generally, trademarks are sought after because they are believed to represent an entity’s brand identity to a group of people or the world.
  • Patent
    • Patents are granted to individuals and organizations to give them legal ownership that enables exclusive use or copying of the invention covered by the patent.
    • After the inventor completes an application for a patent and it is approved, the patent grants a limited property right to exclude others from making, using, or selling the invention for a specific period of time.

9.1 - Complexities in Cybercrime

A majority of cyber attackers are rarely caught because they mask their identities and addresses; this is known as spoofing. As we know, these attackers hack into networks, retrieve whatever resources they sought, and wipe clean all logs that may have tracked their activity. Oftentimes, companies do not even know they have been violated.

The Evolution of Attacks
  • In the early days of computing, hackers were mainly made up of people who just enjoyed the thrill of hacking. True hackers saw this as a challenging game without any real intent of harm or damage. Unfortunately, this former trend has taken on more sinister and destructive means.
  • In modern times, script kiddies and others hack to simply wreak havoc and just for the fun of it. Additionally, organized criminals have now sprouted on the scene and have increased the amount of damage done.

International Issues
  • The text explains, “If a hacker in Ukraine attacked a bank in France, whose legal jurisdiction is that?” Cybercrime lacks the uniformity in standard law for prosecuting these individuals.