Problem 1: Do a quick search for a recent information security breach that has been reported in the last 6 months. Write a brief paragraph outlining what you think this incident might mean for information security practice.
Problem 2: Using a web search engine (or some other approach), find an example of either a corporate vision statement, a corporate mission statement or corporate goals, that express concern for the security of corporate information.
- Briefly describe any difficulties you may have had in finding a suitable mission statement. Did you use any specific search strategies?
- It should have been clear that many organisations don't deal with information security at that level - what are the implications of this lack of attention to information security at this level?
- Does the statement link to other security related documents, such as a security policy, standards of some sort (either internal or external), or an action plan of some sort?
Problem 3: Article
Please read the following article before coming to the tutorial this week and provide answers to the questions in your submission:
Mitnick, K (2005), 'Gambling with security', The Age, March 8 2005,
Think about the issues this might raise with respect to information security practice in organisations.
You should identify some of the obvious security weaknesses in the organisation's security environment, including two technical and two human related security weaknesses.
What might be some things that organisations could do to protect themselves from these types of attacks?
Do you think it is reasonable for organisations to employ former hackers as security consultants?