In: Computer Science
Answer one of the following questions:
1- Some IT security personnel believe that their organizations
should employ former computer criminals to identify weaknesses in
their organizations’ security defenses. Do you agree? Why or why
not?
2- Develop a strong argument against the adoption of a bring your
own device (BYOD) policy for a large financial services
organization. Now develop a strong argument in favor of the
adoption of such a policy.
3- A successful distributed denial-of-service attack requires the
downloading of software that turns unprotected computers into
zombies under the control of the malicious hacker. Should the
owners of the zombie computers be fined or otherwise punished as a
means of encouraging people to better safeguard their computers?
Why or why not?
Notes:
Answer by using your own words, please.
The name of the course is "Professional Computing Issues".
Question 1)
Answer:
Yes, I agree. Some IT security personnel believe that their
organizations should employ former computer criminals to identify
weaknesses in their organizations' security defenses. In fact, some
organizations have already done this, and it has even ended up
positively and constructively.
To effectively fight against cyber attackers and hackers, the
defenders should think, act, and attack exactly as their opponents,
the cyber attackers and hackers, do. Hence, there are white hat
hackers who hack systems exactly the same way as black hat hackers;
however, the white hat hackers are professional and ethical hackers
who do it officially and legally. In fact, many organizations,
governments, companies, enterprises, etc., are even seeking help
from grey hat hackers, who sometimes violate laws or typical ethical
standards, but with no malicious intent, unlike black hat hackers.
Organizations give this ethical hacking job to grey hat and white hat hackers through agencies and third-party vendors. Now, some of these grey hat hackers would have hacked systems earlier, illegally or unofficially. What some IT security personnel believe is that these grey or white hat hackers, and even some black hat hackers who indulged in hacking systems illegally or unofficially before, could now work for their organizations' security defenses. Of course, all of this can be arranged legally, officially, per law, and per the organization's policy, with proper security and safety from these hackers. Everything and every action of such hackers (black hat hackers) working for the organization should be documented and should be per the agreement, with the written consent of the organization permitting the hacker to hack its systems or networks.
Such organizations should also be responsible for monitoring the actions and work of such hackers as a precautionary step. Necessary monitoring, controlling, regulating, and surveillance would be required to keep an eye on such hackers working for the organization's security defenses.
This is exactly the same as the police or the FBI investigating a thief who committed a physical robbery, heist, etc., in person, and who now explains to the police how he carried out such a malicious act, what pattern the thief used, and how he/she found out the weaknesses of a person, building, commercial store, shop, company, etc. Similarly, a former black hat hacker, who is now living an innocent life or who has already undergone punishment for his earlier bad actions, can now help governments, organizations, companies, the public, etc., to figure out the weaknesses, vulnerabilities, and other loopholes in systems, networks, etc. This would give the former computer criminals an opportunity to seek redemption, have a new career, earn decent money, help society, work for a good cause, help organizations catch current computer criminals, secure the organization's security defenses, and make them stronger. Only former computer criminals can think like the current computer criminals, and this is required; this is a method of working, and in fact it is the best method of working.
The only thing that these former computer criminals should be taught and trained in is professional ethics, by the IT security personnel of the organization. This would be very productive and effective only provided that the former computer criminals do not indulge in any computer crimes any more, within or outside the organization. They should be made to understand that any attempt to indulge in any computer crime with respect to the organization's data, systems, or networks will be handled legally.
This is difficult but can be achieved, but only if those former computer criminals cooperate with the organization, as it completely depends on the former computer criminals' minds, intentions, and actions.