Hello, please can you solve both cases and send the solutions back to me? Thanks.
It has been attached.
Case 1

Designer clothing marketer Guess, Incorporated has agreed to settle Federal Trade Commission charges that it didn’t use “reasonable or appropriate measures” to prevent personal consumer information from being accessed at its Web site, Guess.com. An investigation into the stolen personal data found that Guess failed to take measures to mitigate known weaknesses in its software supporting the Web site and these weaknesses were known to be commonly exploited by hackers. As part of the settlement agreement, Guess will implement comprehensive information security measures for Guess.com and affiliated sites.

“Consumers have every right to expect that a business that says it’s keeping personal information secure is doing exactly that,” said Howard Beales, Director of the FTC’s Bureau of Consumer Protection. “It’s not just good business, it’s the law,” he said. Ironically, Guess.com had provided online statements that stated that customer’s personal information was secure and would be protected. The company’s online claims included, “This site has security measures in place to protect the loss, misuse, and alteration of information under our control,” and “All of your personal information, including your credit card information and sign-in password, are stored in an unreadable, encrypted format at all times.”

According to the FTC complaint, Guess did not maintain personal data in an encrypted form at all times, and the site had been vulnerable to a commonly known SQL injection attack since at least October 2000.

In February 2002, a visitor allegedly implemented such an attack and was able to view credit card information in clear text that was stored in Guess’s database. The Guess settlement prohibits the company from misrepresenting the extent to which it maintains and protects the security of personal information collected from or about consumers. It also requires that Guess establish and maintain a comprehensive information security program. In addition, Guess must have its security program certified as meeting or exceeding the standards in the consent order by an independent professional within a year, and every other year thereafter. An FTC Commission voted to accept the proposed consent agreement, but it has not been finalized into law. Copies of the complaint and consent agreement are available from the FTC’s Web site at http://www.ftc.gov.

SOURCE: Federal Trade Commission, http://www.ftc.gov/os/2003/06/guessanalysis.htm.

Questions

1. Online banners are often used to enhance consumer confidence in making purchases online, but what implications are there if these online claims turn out to be false?
2. How can a company ensure that it takes “reasonable or appropriate measures” to prevent personal consumer information from being accessed for illegitimate purposes?
3. What implications does this case hold for persons involved in information security?

Case 2

The organization we consider in the case is a typical state university. We call it the Sunshine State University. Modern universities such as the Sunshine State University share most characteristics of medium-to-large businesses. They serve upwards of 20,000 demanding users, have thousands of employees, have budgets in excess of a