Assignment: IT Security and Policies
Question One
What is the cost of the loss of data availability to the organization? Give two own examples of threats to data availability.
Question Two
The goal of a risk tolerance is to weighs the probable cost of compromises against the costs of security measures. We need to compare two different scenarios of security measures and their related risk. Complete the following table and conclude about which security measure is the best.
|
Base case
|
Security measure A
|
Security measure B
|
|
Asset Value (AV)
|
100,000 SAR
|
100,000 SAR
|
100,000 SAR
|
|
Exposure Factor (EF)
|
80%
|
20%
|
80%
|
|
Single Loss Expectancy (SLE): = AV*EF
|
|
|
|
|
Annualized Rate of Occurrence (ARO)
|
50%
|
50%
|
25%
|
|
Annualized Loss Expectancy (ALE): = SLE*ARO
|
|
|
|
|
ALE Reduction for security measures
|
NA
|
|
|
|
Annualized security measures Cost
|
NA
|
17,000 SAR
|
4,000 SAR
|
|
Annualized Net security measures Value
|
NA
|
|
|
Note that the ALE Reduction for security measures= the Annualized Loss Expectancy (ALE) without security measure -the Annualized Loss Expectancy (ALE) with security measure.
Question Three
Information owners are responsible for classifying data and systems. Suppose you have a savings account at XYZ Bank that may contain your Account number, user ID, Password, residential ID, balance amount detail and transaction details. The bank staff in the bank use that information to service you with care.
Who is the owner of above specified bank account information?Specify the different process of information owner begins with classification of information and ends with declassification.
Question four
In a Private sector (commercial), the information system contains the following information:
Employee lists, Laboratory research, Payment card information, Organizational announcement, Product documentation, financial positions, annual reports, financial account numbers.
What type of classification commonly used by the Private sector? Where to fit the above mentioned information under the Private sector classification?
Format your assignment according to the following formatting requirements:
1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.
2. The response also include a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.
3. Also Include a reference page. The Citations and references should follow APA format. The reference page is not included in the required page length.