Reference no: EM132640566
Principle and Policy - Info Assurance
Answer the questions below and ensure you justify ALL answers. Answers must be explained in your own words. Add references if appropriate.
Question 1. A noted computer security expert has said without integrity, no system can provide confidentiality. Do you agree? Can a system provide integrity without confidentiality?
Question 2. Some cryptographers believe security mechanisms other than cryptography are unnecessary because cryptography could provide any desired level of confidentiality and integrity. Ignoring availability, either justify or refute this belief.
Question 3. In security, both physical and cyber, there is a concept of Defense in Depth. Discuss this concept for physical security. You must protect a very sensitive location. Given the ideal situation of an unlimited budget to physically defend an organization, describe how you would go about protecting the facility (physically) as well as the network (physically) from a malicious actor or group gaining entry. List devices and controls you would put in place to protect the location. Describe why you think these might be necessary and how they protect the organization. Include everything you learned from chapter 7 of Security Programs and Policies.
Question 4. Describe devices or controls you know have been used in other organizations but you left out of question #3. Explain why you did not include them and why you think they are not needed.
Question 5. You are a Data Center manager. Your physical security measures were...inadequate...and hacktivists have broken into your data center and set it on fire. Discuss your thoughts. What type of fire suppression system should be in place? Do some research and figure out how often it should be inspected and tested; give me the information you found. Are there any special things that should have been accomplished long ago to help restore the business to operation again? Discuss.
Question 6. What is an SOP? Describe what chapter 8 of Security Programs and Policies says is important about them and what should be done.
Question 7. What is Change Control and why is it important? Why is patch management normally handled differently?
Question 8. Discuss what the book Security Programs and Policies says about Service Provider contracts. Discuss what is meant by Due Diligence and include the importance of audits.
Question 9. In chapter 9 of Security Programs and Policies, the book talks about 3 types of Identity Verification. Describe what they are. There is another that is starting to be used, but which the book did not discuss: Where You Are. Research this, see how it is being used, and give your thoughts.
Question 10. You were just hired to be the Chief Information Security Officer for a very large organization. In your first week at work you find out the organization has a telework policy which allows employees to use personal computers from home to connect through the organization's VPN. Is this a good practice? Why or why not? As the CISO, are there any recommendations you would make to executive leadership? If so, what are they?
Question 11. Ransomware has become a major issue for individuals, businesses, governments, banks, hospitals, etc. Research and describe the ransomware incident which occurred in Texas in August 2019. Give your thoughts about what occurred. List what you found to be good and bad about the response.