Part -1:
List the three fundamental questions IT security management tries to address.
List and briefly define the four steps in the iterative security management process.
What is the simple equation for determining risk? Why is this equation not commonly used in practice?
Research the IT security policy used by your university or by some other organization you are associated with. Identify which of the topics listed in Section policy addresses. If possible, identify any legal or regulatory requirements that apply to the organization. Do you believe the policy appropriately addresses all relevant issues? Are there any topics the policy should address but does not?
Part -2:
List and briefly define the three broad classes of controls and the three categories each can include.
List and briefly define the elements from the implementation of controls phase of IT security management.
As part of a formal risk assessment of desktop systems in a small accounting firm with limited IT support, you have identified the asset "integrity of customer and financial data files on desktop systems" and the threat "corruption of these files due to import of a worm/virus onto system." Suggest reasonable values for the items in the risk register for this asset and threat, and provide justifications for your choices. Consider the risk to "integrity of customer and financial data files on system" from "corruption of these files due to import of a worm/virus onto system," as discussed in above problem. From the list shown in detailed NIST SP800-53 Security Controls, select some suitable specific controls that could reduce this risk. Indicate which you believe would be most cost effective.
Part -3
List and describe some measures for dealing with inappropriate temperature and humidity.
What principles should be followed in designing personnel security policies?
List the broad categories of security incidents
Part -4:
List and explain the differences among four different categories of audit trails.
What are the main elements of a UNIX syslog facility?
Define three types of intellectual property.
What is digital rights management?
Review the results of a recent Computer Crime Survey such as the CSI/FBI or AusCERT surveys. What changes do they note in the types of crime reported? What differences are there between their results and those shown in Table CERT 2007 E-Crime Watch Survey Results?
Article: Please choose a recent technical article from a referred journal or conference proceedings on the topic of threats and vulnerabilities of computer information systems. You are required to provide:
-A complete reference for the article
-A brief summary and a critical analysis of that article.
Learning Objectives
The purpose of this assignment is to describe and summarize the content and fundamental argument of an article in a concise format, and through this exercise to practice skills in critical reading.
-A paragraph showing the summary of the article
-Your opinion of the article's quality and your own position. Did the writer do sufficient research? Is the article technically correct? Are there elements of the argument that could have been enhanced with more detail or more argumentation? What would a follow-up article contain to be useful to this one? Did you agree with the article? Did it support or change your opinion? If not, then why?
-Use the APA style for references and citations.
Available Sources:
Publications, including conference proceedings from the IEEE or ACM (available through NSU's electronic library). You are encouraged to choose an article from one of the following leading publications in the field. You are also encouraged to cite additional references in the literature when necessary.
Journals
ACM Transactions on Information and System Security (TISSEC)
IEEE Transactions on Dependable and Secure Computing
IEEE Transactions on Information Forensics and Security
Journal of Computer Security
Conferences
IEEE Symposium on Security and Privacy
ACM Conference on Computer and Communications Security
International Cryptology Conference