IT Security and Policies
Question No. 1
The introduction to ISO 27002:2005 includes this statement: "This International Standard may be regarded as a starting point for developing organization-specific guidelines. Not all of the controls and guidance in this code of practice may be applicable. Furthermore, additional controls and guidelines not included in this standard may be required."
Explain how this statement relates to the concept of strategic alignment.
Question No. 2
a) What is cyber insurance, and what does it generally cover?
b) Why would an organization purchase cyber insurance?
c) What is the difference between first-party coverage and third-party coverage?