What is an information risk profile? How is it used? Why is it critical to the success of an organization’s risk management strategies and activities?
Question 2
A company’s physical security team analyzed physical security threats and vulnerabilities for its systems. What types of vulnerabilities did the company focus on?
Question 2
How would you apply the security categorization standards (FIPS 199) to decide if each of the information security risk mitigations (“safeguards”) described in the Guidelines for Providing Appropriate Access to Geospatial Data in Response to Security Concerns are needed?
Question 2
Longer keys are more difficult to crack. Most symmetric keys today are 100 to 300 bits long. Why don’t systems use far longer symmetric keys—say, 1,000 bit keys?
Question 2
Why is it important to a business to care about the difference between identity management and access management?
Question 2
At the end of the case, Sadlemire observes, “This project sometimes plays second fiddle to other projects that I believe are less critical.” What “other projects” do you think he is referring to here? What advice would you give Sadlemire to help him address this issue of conflicting priorities?
Question 3
What should Bob Sadlemire tell the Board of Trustees at the June meeting?
Question 3
How are digital certificates and drivers’ licenses similar, and how are they different?
Question 3
How would you determine if an applications development project team was using secure coding practices?
Question 3
How would you go about creating an information risk profile for a small start-up business? Describe what the risk profile for the business would contain? How should the business use the risk profile?