Description
In this activity, you are going to analyze a real-life Insider Threat action where files were deleted to intentionally drop a stock trading server, resulting in millions of damages to UBS-PaineWebber (UBS-PW) while generating stock trade benefits to the perpetrator. This assignment explores and applies key concepts presented in all course modules to date.
For this assignment, read the following, analyze the case study, and conduct research to answer the specified questions in a 4-5 page paper using current APA format:
- 7.4 Case Study 3: The Weakest Link (Links to an external site.) (in Chapter 7: Theory into Practice, pages 135-140)
- DeFranco, J. (2014). What every engineer should know about cybersecurity and digital forensics. Boca Raton, FL: CRC Press.
- Summary: The Case Study provides a well-structured narrative of circumstances surrounding the criminal case (outlined in greater technical detail below).
(This case study is readily available via the Hunt Library as a ProQuest “ebrary” book: Make sure you are logged into ERNIE when accessing the link)
- Gaudin, S. (2006, June 16). UBS trial: Parts of attack code found at defendant’s home (Links to an external site.).
- Summary: This excellent article provides important technical details about the forensic investigation on Roger Duronio.
- Note: the Information Week article actually covers 3 webpages, so be sure to look for the page advance button at the bottom of each page.
- Summary: This excellent article provides important technical details about the forensic investigation on Roger Duronio.
This is an Insider Threat Case Study. UBS-PaineWebber (UBS-PW) employee Roger Duronio became disenchanted because he was dissatisfied with his pay bonus, and his pay in general. Before leaving the company in anger, he planted a logic bomb that deleted numerous files and caused UBS-PW stock trading servers to become inoperable. This, in turn, caused a multi-million dollar stock price drop that Duronio profited from by placing put options on the stock before it crashed due to his actions.
This is a research assignment. Be sure to use and cite any of the reading or viewing resources presented in this course to date, plus at least 5 additional outside resources you find on your own, to help formulate your essay answers to the questions below. In total, you need to reference a minimum of at least 8 resources (using current APA format) in your essay. Again, material from assigned Readings, Supplemental Readings, videos, and presentations should be used to support your completion of this assignment.
Format:
Create a 4 page essay (Main Body section), using current APA format (Links to an external site.) (i.e., 12 pt. Times New Roman font, double-spacing, and one-inch margins, etc.) making sure to answer each research question.
Your paper should include sections for a Title Page, Introduction, Main Body, Conclusion, and References.
Answer the following questions in essay format:
- Duronio faced charges of computer sabotage, securities fraud, and mail fraud. Identify one or more specific laws applicable to each charge that he was prosecuted under, and why they applied in this case.
- Why did Duronio’s defense attorney, Chris Adams, target CISCO and @Stake Inc. in defense of Duronio, and what was he trying to accomplish?
- What forensic planning/analysis failure opened the door for this argument?
- UBS’s security configuration allowed more than one person to log onto the system at the exact same time using the same USERID and password. Why did this work in the defense’s favor?
- Did UBS have a well-formed IT security organization, and how did this affect the trial proceedings?
- As an IT security expert or manager assigned to help UBS recover from this incident, what recommendations would you make to them if you were hired as an outside consultant?
Refer to the rubric for grading criteria.
MISA 505 5.4 Individual Case Study Rubric
Criteria | Ratings | Pts | ||||
---|---|---|---|---|---|---|
This criterion is linked to a Learning OutcomeIdentification and Analysis of the Main Issues/Problem |
|
20.0 pts |
||||
This criterion is linked to a Learning OutcomeComments on effective solutions/strategies |
|
20.0 pts |
||||
This criterion is linked to a Learning OutcomeAnswers to Case Study Questions |
|
30.0 pts |
||||
This criterion is linked to a Learning OutcomeStyle and Mechanics including use of APA style |
|
30.0 pts |
||||
Total Points: 100.0 |