What is the relationship between a business impact analysis and a disaster recovery plan?
Question 1
Do ITACS students represent information security vulnerabilities to the school, each other, or both?
Explain the nature of the vulnerabilities ITACS students represent in the context(s) you chose.
Question 2
Is information security a technical problem, a business problem that the entire organization must frame and solve, or both? Explain the nature of the problem in the context(s) you chose.
Question 3
Provide an example of a measurement used in quantitative information security risk analysis.
What challenges are involved in calculating such a measurement?
Question 1
How would you determine if an organization’s network capacity is adequate or inadequate? What impacts could be expected if a portion of an organization’s network capacity is inadequate?
Question 2
Suppose an organization is only able to filter and selectively block either: a) network traffic coming into its intranet from the internet (incoming) or b) network traffic going out to the internet (outbound). With respect to each of the 3 information system security objectives (i.e. confidentiality, integrity, and availability), if you could only filter and selectively block one network traffic direction, which one would you concentrate on and why?
Question 3
In the contexts of being attacked by, or unwittingly becoming a resource for, distributed denial of service (DDoS), which is a bigger threat to an organization’s network and computer resources and why: spam phishing or spear phishing?
Question 1
Consider Ash Rao’s role as Dean of the Saunders College of Business. How important is his laptop to him? What information might he have on that machine?
Question 1
Are employees information security risks to organizations? If so, why? If not, why not?
Question 2
Evaluate the steps that Dave Ballard and Nick Francesco took in response to Dean Rao’s email informing them that his laptop had been stolen.