1. Why is cybercrime expanding rapidly? Discuss some possible
solutions.
2. In addition to hackers, what kinds of cybercriminals do organiza–
tions need to defend against?
3. What are the major motives of cybercriminals?
4. In what ways do users make themselves vulnerable to cybercrimes?
5. Why do malware creators alter their malware?
6. Why should you set a unique password for each website, service,
and device that you use?
7. How can malware be stopped from stealing or disclosing data from
an organization’s network?
8. What impact might huge fines have on how much a company budg–
ets for IT security defenses?
9. Why are BYOD, BYOA, and do-not-carry rules important to IT secu–
rity? Why might users resist such rules?
10. Why do users refuse to use strong passwords even though they
know how dangerous weak passwords are?
11. How can the risk of occupational fraud be decreased?
12. Why should information control and security be of prime concern
to management?
13. Explain what firewalls protect and what they do not protect.
14. Why are authentication and authorization important in
e-commerce?
15. Some insurance companies will not insure a business unless the
firm has a computer disaster recovery plan. Explain why.
16. Explain why risk management should involve the following ele–
ments: threats, exposure associated with each threat, risk of each
threat occurring, cost of controls, and assessment of their effectiveness.
17. Discuss why the Sarbanes–Oxley Act focuses on internal control.
How does that focus influence information security?
