Assignment
Special Publication 800-30 Risk Management Guide for Information Technology Systems Recommendations of the National Institute of Standards.
Question 1) In a page, explain the McCumber cube and how we can use it in information security?
Question 2) How is SecSDLC related to SDLC? What are the differences in each stage?
Question 3) What are the US efforts in protecting privacy? In a page, explain chronically how each effort contributes to privacy.
Question 4) In two pages, compare SP 800-30 "Risk Management Guide for Information Technology Systems" to the risk management framework we discussed in class. You can find SP-800 document in the "Reading" folder under "Week 4" folder.
Question 5) In order to develop an information security blueprint, we can use published information security models. Let's assume that you want to develop an information security blueprint for penn campus. In a page, compare and contrast "ISO 27000" series to "ST 800" series. Then, decide which series you would prefer, and identify specifically which document you would choose to start developing your own information security blueprint, and explain why. (Make sure that your answer is no longer than two pages.)