Imagine you're a senior executive for a large company. You've just been put in charge of your companies Information Security (IS) Program and told that your mandate is to prevent cybercrime through developing sound policy. Your primary challenges are twofold: 1) You are a transnational company and employees travel all over the globe; and 2) Your company has no active audit program in place to quantify vulnerabilities and potential losses from attacks to information systems. Attack them one at a time...
Realizing that when employees travel they are exposed to risk and possible cyber attack... You need to put information security protocols in place for individuals traveling abroad; specifically what other steps will you put in place to ensure that information (and equipment) will be secure? Will your plan vary depending on the countries your employees visit or is it one security plan works for all countries visited? Why? What steps must employees take before leaving and how will you measure that those steps have been taken?
Your other immediate challenge is to discuss with management the challenges associated with quantifying vulnerabilities and potential losses from attacks to your company's computer systems. What's involved in doing that and what are some of the biggest challenges involved in accomplishing that kind of assessment?