For this week’s “In the News”, research an article dealing with how secure code development practices (or lack thereof) affected a major software project; was the project more or less successful as a result?
For this week’s Discussion, we consider Application (Software) Development. Answer at least one of the following questions:
- During which phase should Information Security be included? How would you explain to someone that Information Security has a role without a finalized product yet?
- Choose one of the popular software development methodologies, such as Scrum, Agile, or Waterfall; how does the choice of the methodology affect Information Security concerns?
For this week’s “In the News”, research a recent article that relates how an organization benefited from its business continuity program, or suffered due to the lack of an adequate program. What are the key lessons learned from the article?
Answer one of the following questions:
- Considering that business continuity does not support day-to-day operations until a crisis situation, how does one justify the design, implementation, maintenance, and testing for business continuity system(s)?
- When using third parties, how would you gain adequate confidence in their ability to maintain availability for their systems? What techniques or solutions would you use?
For this week’s “In the News”, perform research on one of the following:
- new testing requirements (e.g. SSAE18 SOC1 or SOC2)
- new testing requirements put into place due to regulations
- how security assessments and testing integrate with other domains, such as cloud network architecture or the software development lifecycle
As you read about security assessments, what can you conclude from this week’s readings about:
- How often security assessments should be performed?
- Are there factors that would decide how often you would perform these assessments?
- Conditions that might alter that schedule?
- What security assessments are most essential?
For this week’s “In the News”, research an article that centers around how identities were compromised to provide access, or how an account that was otherwise authorized was then used for unauthorized purposes.
For this week’s Discussion, consider that you want senior management to support a new Access Management program at your organization. While this may involve technology-based solutions, your budget may be limited and it is therefore essential that senior management provide support and encourage efficient use of the resources that the organization already has.
- Why is access management critical to today’s enterprise?
- What benefits does an enterprise gain from proper access management?
For this week’s “In the News”, research a new technology solution, or new method to utilize a previous technology, to address Communications and Network Security. How does this solution or application revolutionize networks? If this is particular to certain industries, please also include that detail.
When designing a network for an organization, what are the key considerations that should be factored into the design? Why do you recommend those considerations? Also consider how you would address the inevitable situation of scarce resources; how would you prioritize?
For this week’s “In the News”, research an article that discusses today’s approach to Enterprise Architecture. Specifically, how has an organization recently modified its architecture to meet an acquisition, divestiture, or change in business?
When designing an architecture for an organization, how do organizations best meet the need to define reasonable permissions?
As a security practitioner, what measures would you implement to ensure that staff can perform their job duties, but minimize the risk of unauthorized use or disclosure?
During this week, research a recent law concerning privacy. Summarize this recent law for us:
- What information does it protect,
- What controls or limitations does the law specify,
- What organizations need to comply with the law, and
- In which regions would we need to be concerned with this law?
How does this law represent new risk(s) to the organization?
In Domain #2, we discuss Asset Security, and following on Domain #1, recall that Data (or Information) is an organization’s key asset, and that the asset may exist in various forms: not just paper, but digital assets as well. Also recall that there are several factors that should be included when determining the true cost or value of the asset to the organization.
How would Data Classification and Data Retention policy help an organization protect the privacy of the customers, as well as maintain the security of the organization’s information?
Research, identify, write and post a summary, and be prepared to discuss in class an article you found about a current event in the Information Security arena. For this week’s theme, research a current cybercrime theme – such as a recent attack, or management research on how organizations are dealing with cybercrime.
As an Information Security professional, how do administrative controls, such as policies, procedures, and frameworks, help protect you from the technical threats of cybercrime?
This section allows you to briefly introduce yourself.
You’ve been tasked with consulting an organization that hasn’t had a breach, but their regulator documented an audit finding that they needed to redefine their Incident Response Program. Answer one of the following questions:
- The organization believes their program is adequate; how do you impress upon management that the audit finding is valid?
- How would you develop/draft the project plan to have a workable plan in place prior to the organization’s next annual audit?
Please visit https://canvas.temple.edu for class materials related to this section of MIS 5903