What are the common/shared risks and what are the different/unique risks faced by desktop applications versus web-based applications?
Question 1
For an organization choosing among Chengdu, Sichuan 成都市, Guangzhou, Guangdong 广州, and Beijing 京, from an environmental security perspective, where would be the best place to locate their data center? Why is this place better and the other places worse?
Question 1
The total processing speed of microprocessors (based on clock rate and number of circuits) is doubling roughly every year. Today a symmetric session key needs to be 100 bits long to be considered strong. How long will a symmetric session key have to be in 30 years to be considered strong? (Hint: Consider how much longer decryption takes if the key length is increased by a single bit.) Explain.
Question 1
Based on the facts presented in the case, how far had Fletcher-Allen progressed in these steps by June 1998? How likely is it that Fletcher-Allen would have achieved full Year 2000 compliance by December 31, 1999? [Explain your reasoning, supported by specific evidence from the case and assigned readings.]
Question 1
What is the difference between identity management and access management?
Question 1
What is meant by the term “acceptable information system security risk”? Who within the organization determines what is the acceptable level of information system risk? How does an organization determine what is an acceptable level of risk?
Question 3
Assume you are tasked with designing a new policy that highlights information security best practices related specifically to mobile devices at RIT, including laptops, smartphones, and tablets. The new policy should supplement RIT’s Information Security Policy and Acceptable Use Policy (case Exhibits 4 and 5). What practices would you recommend? How could you make staff aware of the policy and encourage their compliance?
Question 1
What are the 3 types of risk mitigating controls? Which is the most important? Why is it the most important?
Question 2
What factors contribute to making an employee an information security threat actor?
Question 3
How can employee risks be controlled?