Lesson 3: Case Study exercises

Chris is a lowlevel manager in the computer operations shop of FastStart&New.com, an online shopping mart of expensive and flashy high tech items. Most of the development of the companys IT related applications takes place at headquarters in New York city, but some of the work is contracted overseas.

Part 1: One morning at work, after poring over The Wall Street Journal On Line (www.wsj.com = subscription paid for by the company and in his name), Chris was interrupted by one of his staff reporting that the evenings backups were still not complete. Doing some investigating, Chris realizes that a colleague of his in Marketing recently downloaded 50GB of data onto the network drive, which caused the backup to continue beyond its expected time. Being cautious, Chris casually calls his colleague and mentions the recent download to her. Oh, its OK, she says. I needed some more material for a layout were doing. Having taken this step to investigate the matter, Chris feels satisfied with the answer and starts looking at the cost of upgrading the companys backup system. Chris knows through his workrelated activities and through the grapevine that this colleague in Marketing has been disgruntled with the company for years and has a grievance pending against it.

Questions: Should Chris have taken steps to further investigate his colleagues activities? What are Chriss obligations to protect the company from harm?

Part 2: Next morning, Chris comes in earlier than usual so he can use the companys fast Internet connect to book reservations for a vacation hes been planning for months. His office phone rings during this time, but he lets voidmail respond. After the start of his normal working time, Chris boss comes in with the latest Info Week and flashes an article about new packet sniffer he wants Chris to try using the company as a test target. Dutifully, Chris purchases the packet sniffing software and begins to monitor all the companys incoming and outgoing Internet traffic for 6 hours. He notes the nice layout of the software services, saves the screen shots, downloads all the packet information and sends it off to his boss with a recommendation to purchase. Per his bosss usual habits, Chris doesnt really expect an answer.

Questions: Should the companys employees have been alerted to the sniffing activity beforehand? Is there any concern about the use and storage of the information obtained by the sniffer?

Part 3: In an effort to recoup some of the cost of IT for the company, Chriss boss plans to start a consulting business using the resources of the company. The companys board approves of this move. After a few months, Chriss boss approaches him and asks Chris to plan for the development and deployment of a bleeding edge application for a possible client. There is little Chris or anyone else in the company knows about this new technology, but Chris does his homework as best he can and builds a proposal. He feels about 50 percent sure about the technology and costs involved, but time is of the essence, and the proposal needs to be submitted.

Questions: Should the company have bid on the project? How forthright should Chriss company be with the client?

Part 4: Finishing up making online reservations for his vacation, Chris gets an urgent email from a person in the companys overseas operation. The email alerts Chris that there likely was an unauthorized intrusion into the sites website, which incidentally contains sensitive customer information. Most everyone at the site agrees that an intrusion occurred, but no one know for sure what the extent of the intrusion was.

Questions: What is best for the company? What should the company do?

Part 5: That evening, Chris is working with his companyowned laptop on some programming problems while watching his daughters baseball game at the community party. His laptop suddenly alerts him of availability to an unencrypted wireless network. The laptop also has the new network sniffer installed.

Questions: What are the boundaries of activity with respect to the unencrypted network that you think Chris is permitted to do?