1) Write a 100- to 200-word short-answer response for the following: Supporting Activity: Security Personnel
Do you think that security personnel require specific skills? Should security practices by an organization be used to prevent the misuse of information and to control employee behavior?
2) Write a 100- to 200-word short-answer response for the following: Supporting Activity: End-User Education
What are three implications of end-user education in information security for businesses? How can someone working in information security effectively estimate the value of these approaches?
3) Write a 100- to 200-word short-answer response for the following: Supporting Activity: Information Security Policy
How can an organization make sure all its users know and follow its information security policy? What are the common hindrances? How can an organization overcome them?
4) Write a 100- to 200-word short-answer response for the following:
Supporting Activity: Monitoring Networks
How can an organization monitor its networks to insure that its data and systems are secure? Describe some of the methods and steps they would take, and the systems each method would protect.
Running Case: Stratified Custom Manufacturing
5) Write 100- to 200-word short-answer response to the following:
What specific policy, ethical rules, and legal rules did James break, if any?
6) Write 100- to 200-word short-answer response to the following:
What should Nubrio have done when asked to perform a questionable task with a vendor that had not gone through the company's strict accreditation process for vendors? Do you think he will come to regret having let this contract without a paper trail?
7) Write 100- to 200-word short-answer response to the following:
What happens when a major stockholder and founding member violates company rules, procedures, and processes?
8) Write 100- to 200-word short-answer response to the following:
When an organization undertakes an InfoSec-driven review of job descriptions, which job descriptions must be reviewed? Which IT jobs not directly associated with information security should be reviewed?