All Questions
Answers to the following questions should be written up and submitted following the instructions found in the Syllabus and posted to Canvas.
- What is meant by the term “acceptable information system security risk”? Who within the organization determines what is the acceptable level of information system risk? How does an organization determine what is an acceptable level of risk?
- What is an information risk profile? How is it used? Why is it critical to the success of an organization’s risk management strategies and activities?
- How would you go about creating an information risk profile for a small start-up business? Describe what the risk profile for the business would contain. How should the business use the risk profile?
Unit #1b – All Questions
- What are three types of risk-mitigating controls? Which is the most important? Why is it the most important?
- How would you apply the FIPS 199 security categorizations to decide whether each of the information security risk mitigations (“safeguards”) described in the FGDC guidelines is needed?
- Which information security objective(s) could be put at risk if the alternative safeguards recommended by the FGDC guidelines are applied? Explain how the objective(s) are put at risk by the mitigation(s).
Unit #2 – All Questions
- Consider Ash Rao’s role as Dean of the Saunders College of Business. How important is his laptop to him? What information might he have on that machine?
- Evaluate the steps that Dave Ballard and Nick Francesco took in response to Dean Rao’s email informing them that his laptop had been stolen.
- Assume you are tasked with designing a new policy that highlights information security best practices related specifically to mobile devices at RIT, including laptops, smartphones, and tablets. The new policy should supplement RIT’s Information Security Policy and Acceptable Use Policy (see the case’s Exhibits 4 and 5). What practices would you recommend? How could you make staff aware of the policy and encourage their compliance?