How would you go about creating an information risk profile for a small start-up business? Describe what the risk profile for the business would contain. How should the business use the risk profile?
In the News
Wrap Up
Unit#1a presentation: Slides
Unit#1b presentation: Slides
Note on the difference between the security objectives Integrity and Availability:
In thinking through our discussion of the possible overlap in meaning and confusion between integrity and availability, the difference between the two becomes clear when we recognize that:
- Integrity of information implies trust in the validity, correctness, and authorized value of each datum (i.e., a single data value) in the information.
- Availability of information implies the physical or virtual ability to access and use the information.
Thus a loss or breach of integrity may result in an incorrect decision or mistake, due either to data inaccuracy or to reliance on a datum or data (i.e., the plural of datum) lacking authoritative sanction. In contrast, a loss of availability of information may result in an inability to perform one or more tasks. A breach of either integrity or availability may lead to an adverse effect on organizational operations, organizational assets, or individuals. We will continue our discussion next week in class.
All Questions
- What are 3 types of risk mitigating controls? Which is the most important? Why is it the most important?
- How would you apply the FIPS 199 security categorizations to decide if each of the information security risk mitigations (“safeguards”) described in the FGDC guidelines is needed?
- Which information security objective(s) could be put at risk if the alternative safeguards recommended by the FGDC guidelines are applied? Explain how the objective(s) is put at risk by the mitigation(s).
All Questions
Questions:
- Do ITACS students represent information security vulnerabilities to Temple University, each other, or both? Explain your answer.
- Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain your answer.
- What challenges are involved in performing a quantitative information security risk analysis?