1. Traditionally, managing IT security and physical security have been treated as two separate domains. Why should they be integrated?
2. Why is top management's awareness and support essential for establishing and maintaining security?
3. Why should those responsible for leading the organization's security efforts be placed high in the organizational chart?
4. The first decision made by Advo's top management in the aftermath of the 9/11 attacks was to improve physical security. Why was attention focused on this particular aspect of security?
5. What are the advantages and disadvantages of using consultants and third-party organizations to provide security-related services? What reasons would a company have for hiring consultants to provide guidance for its security efforts?
6. Why is it a good security practice to have few visitors in a reception area?
7. Identify the security risks involved in allowing networked systems to be used by large numbers of temporary employees who do not need to log in. What password XXXXX should be implemented for stronger user authentication?
8. How far away should a backup site be located from company headquarters? What factors should be considered in determining the location of a backup site?
9. Advo believes that frequent audits help to ingrain a security mindset among the company's employees. What other benefits are there to performing frequent security audits?
10.The vendor of Advo's security management system is Software House. Research the role of Software House in the Open Security Exchange (OSE). What is the purpose of the OSE?