User Account

All Pages

Write a succinct policy statement specifying employee

Assignment Help Computer Network Security
Reference no: EM13328747

Part 1: True or False Questions .

1. T F There is only one way to calculate economic value to justify investments in security measures. Answer: _____


2. T F A business continuity plan explains how an organization will maintain operational capabilities during an incident, while an incident response describes how the organization will handle the security incident itself. Answer: ____


3. T F Viruses infect hardware and executable files. Answer: _____


4. T F A fence register protects an operating system from a user, but does not protect the user from other users. Answer: _____


5. T F In conducting a risk analysis, it is often not possible to directly estimate the probability of an event. Answer: _____


6. T F A security policy that by default provides no access rights is an example of least privilege. Answer: _____


7. T F A security policy, no matter how well written, may need revision from time to time. Answer: _____


8. T F With unlimited resources and security controls, it is possible to reduce risk to zero. Answer: _____


9. T F A database management system with perfect user access controls would have no integrity vulnerability. Answer: _____


10. T F Since physical security is often managed under separate responsibility from information security, risk analysis for information security does not need to address physical security. Answer: _____


Part 2: Short Answers. Please answer briefly and completely, and cite all sources of information.

1. What is the principle of adequate protection? Do you agree with the principle? What difficulties are associated with implementing it?

2. What is the difference between a threat and a vulnerability? Define each, and then give at least one example of a threat and of a vulnerability.

3. Describe the fundamental principles in both the Bell-LaPadula and Biba security models. For each, explain what sort of security the model is intended to provide, the two key properties of the model, and then explain in your own words why each of the properties makes sense from a security standpoint.

4. Describe the similarities and differences between a virus, a Trojan horse, and a worm. Give examples of controls that could be implemented to mitigate the threat of each of these types of malicious code.

5. What is the difference between inference and aggregation? Give an example of each, and describe at least one way to mitigate each type of vulnerability.

6. Cite a risk in computing for which it is impossible or infeasible to develop a classical probability of occurrence. Why?

 

Part 3: Short Essay. Please restrict your answer to three (3) pages (double spaced) or less.

Global Corporation, Inc. (GCI) is a fictional multi-national company providing outsourced financial services to a variety of clients across many industries, including commercial and government entities. GCI specializes in billing and invoicing services, in which GCI receives relevant data from its clients and processes the data to produce the invoices, monthly statements, and other billing items that are sent to the customers of GCI's clients. GCI employees serve the company's customers both on-site at customer locations and while working in GCI facilities. GCI employees routinely store data related to multiple clients on their company-issued laptops.

GCI's Chief Information Officer, having read of the numerous data breaches reported among commercial and government organizations, has become concerned about the risk to GCI's customers and potentially the company's reputation if GCI were to experience a similar breach. She has tasked you, the Director of Information Security, to create a new corporate policy regarding the protection of client and company confidential data stored on employee computers, particularly including laptops. Respond to each of the following, taking into account material we have studied in this course regarding threats and vulnerabilities, as well as Pfleeger's discussion of the characteristics of effective security policies in chapter 8 of the text. Cite these and other pertinent sources used in your answer. Be specific and briefly but fully explain and give reasons for your answers.

a. Summarize the primary vulnerabilities and potential threats that exist for GCI related to the practice of storing sensitive data on laptops. In your opinion, which of the risks GCI faces are most significant to the company?

b. What measures would you propose to senior management to try to prevent a breach of data held by GCI? Your response should include recommendations for mitigating vulnerabilities identified in part (a).

Write a succinct policy statement specifying employee and company responsibilities for protecting client and corporate data, such as the data stored on employee laptops. Be sure to address requirements for protecting the data from theft, and for rendering the data unusable should it be compromised.

Reference no: EM13328747

Questions Cloud

Explain what happens when phenolpropane sodium bromide : what happens when phenolpropane sodium bromide and sulfuric acid are refluxed, distilled then seperated
Explain why does bromine add faster to a distributed double : why does bromine add faster to a distributed double bond than a monosubstituted double bond to produce dibromide
Explain some water was added to the initial reaction mixture : Some water was added to the initial reaction mixture in the procedure you performed. a. How might the yield of 1-bromobutane be affected if the water were not added, and what product(s) would be favored
Use the work-energy theorem to find its maximum height : You throw a 20-N rock vertically into the air from ground level. You observe that when it is a height 14.5m above the ground, Use the work-energy theorem to find its maximum height
Write a succinct policy statement specifying employee : Summarize the primary vulnerabilities and potential threats that exist for GCI related to the practice of storing sensitive data on laptops. In your opinion, which of the risks GCI faces are most significant to the company?
Perform horizontal and vertical analysis : Perform horizontal and vertical analysis on Westward s financial statements, show your results amd the financial performance of Westward, given the analysis tools
Explain what is the ksp of calcium hydroxide : A 500ml portion of a solution at pH=13 will just barely dissolve 3.2x10-­4 moles of calcium hydroxide. What is the Ksp of calcium hydroxide
Find the initial total mechanical energy of the projectile : A 56.0-kg projectile is fired at an angle of 30.0° above the horizontal with an initial speed of 1.24 102 m/s from the top of a cliff 146 m above level ground, What is the initial total mechanical energy of the projectile
Explain the ferrocenes come off the alumna column : Considering the structure of ferrocene and acetylferrocen, identify what interparticle/ intermolecular forces are present between these ferrocenes and the mobile phase. How do they help explain the order in which the ferrocenes come off the alumna..

Reviews

Write a Review

Computer Network Security Questions & Answers

  Explaining characteristic of san or a nas configuration

Storage Area Networks (SAN) and Network Attached Storage (NAS) each give high capacity file storage. For the following list, indicate whether the list item is more characteristic of a SAN or a NAS configuration.

  What is the value of your shared secret key

You begin the session by sending X your calculated value of TA. X responds by sending you the value TB = 167. What is the value of your shared secret key? Show all your work.

  Cryptography and network security

CS 470: Cryptography and Network Security,  Compare the RSA and EIGamal signature schemes' performance in terms of efficiency of the verification operation, ability to pre-compute most of the signature operation in advance.

  Network security

SLE, ARO, and ALE, behavioural biometric technology, Enterprise Information Security Policy, Issue Specific Security Policy, System Specific Security Policy, firewalls protect network, creating a DMZ during firewall implementation, use of SSL to se..

  Subnet masking and designing small networks

Users on wireless or the open nodes adjacent to the concierges desk should not be able to access the hotels corporate networks and corporate network should only be able to talk to the machine room using protocols DNS, DHCP, HTTP, HTTPS and SSH.

  How will ad organizational units be organized

How will the second site factor into domain controller placement? How will AD sites be configured and how will AD organizational units be organized

  Write vulnerabilities and methods of securing rpc

TCO C states "Given a computer network for data transmission, identify and analyze possibilities for loss or modification of data. Write down the vulnerabilities of RPC? What are the present methods of securing RPC?

  Illustrate three security services-confidentiality-integrity

Illustrate that three security services: Confidentiality, Integrity, and Availability are enough to deal with threats of: (a) Disclosure, (b) Disruption, (c) Deception (deceive = to cause to accept as true.

  Design an algorithm to achieve the byzantine agreement

Design an algorithm to achieve the Byzantine Agreement for the case that there are four processes, amongst which one is corrupted.

  Create random secret one-time pad key ka and xors

Creates random secret one-time pad key KA and XORs it with K. She sends M1 = KA K to Bob. Bob creates random secret one-time pad key KB, XORs what he gets with it to compute M2 = M1 KB.

  Why one-time password system more secure authentication

Why is one-time password system considered more secure than the basic authentication system? Give at least two reasons.

  What security features given by running special software

What security features could be given without changing mail delivery infrastructure, i.e., by only running special software at source and destination?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd