A professor wants his computer security class to learn about computer viruses. So he creates an exercise for them to write one and test it out. They will do this on a network that is not connected to any other network (and, especially, not to the Internet).
Do you think having students write viruses is a reasonable way to have them learn about computer viruses?
The IP Commission Report: The Report of the Commission on the Theft of American Intellectual Property, released in May 2013, has the following recommendation (see p. 81):
Additionally, software can be written that will allow only authorized users to open files containing valuable information. If an unauthorized person accesses the information, a range of actions might then occur. For example, the file could be rendered inaccessible and the unauthorized userŐs computer could be locked down, with instructions on how to contact law enforcement to get the password needed to unlock the account. Such measures do not violate existing laws on the use of the Internet, yet they serve to blunt attacks and stabilize a cyber incident to provide both time and evidence for law enforcement to become involved.
You can also obtain a PDF version of this. | Version of October 6, 2013 at 10:15PM |