6444Organizations around the world often assess their IS security mechanisms and practices by using the Trusted Computer System Evaluation Criteria (TCSEC) or Information Technology Security Evaluation Criteria (ITSEC). The two standards are similar, though there are distinctions. Assume that you are the security manager for an...
6443The USA PATRIOT Act was enacted in response to the September 11, 2001, attacks on the United States. The act allows law enforcement officials to listen to phone conversations or view emails to investigate a potential threat of terrorism. Some believe this power is an...
6426Organizations must abide by the laws created by the governments of their respective countries. Some of these laws affect the IS security requirements or an organization, which may substantially affect the cost incurred by the organization. Looking at common structures for corporations worldwide, consider the following: Where...
6415Read the Case Study at the end of Chapter 10 and answer the following questions. What role did the culture displayed by Caviccha and his supervisors play in the case? Were additional charges warranted against the agent if agency rules were violated? Which type of culture, hierarchical or...
6414The Organisation for Economic Co-operation and Development (OECD) has created a list of principles to aid organizations in dealing with people and organizations in different countries with different cultures. Just because speaking to a colleague in a certain manner is acceptable in one culture does...
6396The ease of access to the Internet has significantly increased incidents of various types of cyber attacks. Read the case study at the end and answer the following question: Discuss the main characteristics of Stuxnet and how it can spread. How was Stuxnet utilized as a...
6395Risk assessment applications help predict the associated effect on an organization if a risk occurs. COBRA and I2S2 are two risk assessment applications that are explained in the textbook. Compare the following two risk assessment/mitigation applications: COBRA I2S2 Create a table with different topics listed as column headings that...
6394The probability of a risk is not the only metric in determining what risks to mitigate. The cost and time associated with the risk, and the overall impact to the organization are some of the factors that must be considered as well. Think about the following...
6389IT departments in organizations are often expected to define a company's information security policy. Although much of the security that needs to be added into an organization may reside in IT, all of the departments are involved in implementing the policies. Which department in an organization...
6376Lesson 07 ‐ Research Assignment Instructions: Suppose you were asked to prepare a cost estimate for a project to purchase laptops for all faculty and staff at your college or university. How would you start? How long would it take you to prepare a good estimate? What type...