1) There are two approaches to information security policies: the parallel approach and the integrated approach. Explain each of them.
Which one is more efficient? Explain your response.
2) Describe each of the six stages of the employee life cycle using your own words.
3) Define and provide examples for the following using your own words:
Information assets
Information system
4) Based on what the Federal Information Processing Standard 199 (FIPS-199) requires information owners to classify information and information systems? Provide a detailed answer.
5) Are there any differences between classifying governmental information and commercial information? And are there any common levels of classification have been used to classify governmental information and commercial information? Explain your answers and supported them with examples (NOT from the book or slides).
6 ) Can a company make a change on classified information? Assuming now a company feels that such information need higher protection or the company decide to make some information that was classified as secret to be accessed by public. Here, is there any mechanism or process that allows a change in classified information. Explain your answers and supported them with examples (NOT from the book or slides).