Problem
(a) Give two reasons for companies to implement security measures.
(b) What is the regulatory expectation regarding
i. healthcare information,
ii. financial information?
(c) What does the abbreviation CERT stands for? What is the role of the CERT?
(d) What do you understand by the term security policy? Is it important to have a security policy for a computer system? Justify your answer.
(e) Are attackers often the major cause of damage in computer system? Give two examples of causes of damage other than an attacker.
(f) Which type of attacker poses a higher security risk: malicious insiders or outsiders? Why?
(g) Which security technique allows to perform a quantitative assessment of the relative value of protective measures?