1. What is the meaning of the CIA triad in Information Security?
2. What is the difference between symmetric and asymmetric key cryptography?
3. What is SSL? What is SET? Which one is technically superior? Which one is the de facto standard for commercial selling on the Internet?
4. Mention four advantages of Qualitative risk analysis
5. Mention four disadvantages of quantitative risk analysis
6. Define a safeguard....also known as ...................... or .........................
Define a threat
7. How do you calculate the total threat impact?
8. Give two examples of each of the following
9. What should be included in a risk analysis report? Be brief
10. Sketch the different tables for the following with one example row in each
Financial Loss table
Extent of legal implications table
Enterprise Embarrassment table
11. Sketch a Risk Analysis Matrix filled with a few suggested solutions
12. Which method(s) would you use for risk analysis in the Military Base Network?
Select your top two favorites and explain why.
1- Vulnerability Analysis
2- Hazard Impact Analysis
3- Threat Analysis
5- Single-time loss algorithm
13. What is the formula used for ALE? (Annualized loss expectancy or Exposure)
14. A company's premises have one chance in a million of being affected by flooding. A flood would cost the company $10 million.
What would be your budget for mitigating the effects of the flood?
Would you start stocking up on sandbags in preparation for the flood?
15. A company has a 1 in 3,000 chance of being within ten miles of an earthquake epicenter measuring 5.0 on the Richter scale. The earthquake will cause $60 million of loss.
What would be the budget for reducing or preventing that damage?
16. A company has one large router that ties together all of its network segments. If the router dies, it will take one day to repair. There is a 70% chance that failure will occur once every 24 months. The outage will cause 1000 people to be out of work for a day. The company estimates the loss of productivity to be $68,000.
How much should you spend for router redundancy?
17. What is BS7799? What is ISO 17799?
18. What is the difference between the Red Book and the Orange Book in US government and defense security?
19. What is ITSEC?
20. What is The Common Criteria?
21. T or F In risk analysis, the value of an asset can be estimated by asking for the book value from the accountant
22. T or F Security policies usually have to be written in a policy document
23. T or F Cost Benefit analysis is probably the most important step in any risk analysis process
24. Give an example of risk avoidance
25. Give an example of risk acceptance
Information Security Risk Analysis is considered.
Security, Privacy, and Other AIS Issues
You've been hired by a growing organization to perform systems consulting work. The CEO has concerns about systems security and the impact of privacy considerations on the organization's AIS. She is also interested in learning more about new and emerging AIS technologies that the organization should consider. You have been asked to provide a report on these areas. Your report will be used as a basis for planning and developing improvements to the AIS.
Prepare a 1,750-2,150-word paper to deliver your findings to the CEO. In your paper, include the following:
a. A disaster recovery/contingency plan that includes the following:
1) Identification and analysis of procedures to detect vulnerabilities and security threats
2) Identification and analysis of risks and risk mitigation measures, including plans for
a) Systems and data recovery
b) Off-site data storage
c) Business continuity
b. An analysis of the impacts of privacy considerations on AIS (i.e., HIPAA)
c. Identification and evaluation of new and emerging AIS technologies and processes, including the following:
1) A summary of the advantages and disadvantages of the changes brought on by using e-business technologies (B2B, B2C, XBRL) in accounting systems
2) A comparison of similarities and differences between batch and real-time transaction processing
3) An explanation of accounting electronic data interchange (EDI) processes
4) An analysis of the potential use of XBRL in the organization
3. Respond to the Discussion Questions posted by your instructor. Post to the