How would you approach improving the security education training and awareness in an organization you know well (e.g. Temple as a student) but you will not name in your answer post and comments?
Case Study 2 – Participation Comments
This week you will not be responsible for posting comments to the answers of your classmates. Your participation comments this week will be graded based on the performance of you and your team during the presentation of your group’s work and discussion during the class.
In The News
Case Study 2 – Assignment
Answer the following 3 questions in a way that demonstrates the depth of your understanding of the security and auditing concerns represented by the case. Your answers to the questions should be submitted to the Case 2 Assignment in Canvas. Your analysis should be single-spaced pages using 11 point Times New Roman font with one-inch margins, and the entire document should be limited to 3 pages (including the diagram for your answer to question 1.) Do not prepare a separate cover page, instead put your name, the class section number (MIS5206.001), and the case name in the top-left corner of the header. Add page numbers in the footer of the document. Your assignment should be saved as a PDF formatted file to Canvas, your PDF file should be named Case2-YourName.pdf
Answer the following 3 questions:
1) What steps did the cybercriminals follow in committing this theft?
- You may create a diagram to include in your answer that illustrates the steps the cyber-criminals followed in the Target exploit and breach and the detection of the breach
2) What factors allowed this theft to take place?
3) What are the consequences of the breach for the stakeholders?
In The News
Wrap Up…
Unit #2: Wrap Up
All Questions
Answers to the following questions should be written up and submitted following the instructions found in the Syllabus and posted to Canvas.
- What is meant by the term “acceptable information system security risk”? Who within the organization determines what is the acceptable level of information system risk? How does an organization determine what is an acceptable level of risk?
- What is an information risk profile? How is it used? Why is it critical to the success of an organization’s risk management strategies and activities?
- How would you go about creating an information risk profile for a small start-up business? Describe what the risk profile for the business would contain? How should the business use the risk profile?
Question 1
What is meant by the term “acceptable information system security risk”? Who within the organization determines what is the acceptable level of information system risk? How does an organization determine what is an acceptable level of risk?
Question 2
What is an information risk profile? How is it used? Why is it critical to the success of an organization’s risk management strategies and activities?