Question

COM 590

Assignment 3

Answer all Eight (8) questions.

• Submission Requirements

All sentences must be grammatically correct, and free from spelling errors.

Your answer for each question should not exceed 250 words.

Submit a Single Microsoft Word Document.

Font: Times New Roman, Size 12, Double-Space.

Cite all references used in APA format.

1. What is the purpose of defining a framework for IT security policies?

2. Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees?

3. What security controls can be implemented on your e-mail system to help prevent rogue or malicious software disguised as URL links or e-mail attachments from attacking the workstation domain? What kind of policy definition should you use?

4. Why should an organization have annual security awareness training that includes an overview of the organization’s policies?

5. Consider the following real world situation:

A retired Japanese Coast Guard boat (Takachiho) was sold to a pro-North Korean organization without having assurances that navigational data was deleted. The decommissioned patrol boat could have had as many as 6,000 locations recorded over the 250 days of use. The boat was presumably sold to be turned into scrap. Weapons and radio equipment were removed, but no procedures were in place to ensure that navigational data was securely deleted. It is unknown if navigational data were recovered from vessels disposed of through past sales (Muncaster, 2013).

a. Why was the navigational data on the Japanese Coast Guard vessel not securely deleted?

b. How could the lost navigational data compromise national security?

c. How could the Japanese Coast Guard write an effective data disposal policy?

d. Is a self-assessment of effective security policy a good predictor of actual security? Why or why not?

6. What is meant by Governance Framework? Why is ISO 27000 certification more attractive to companies than COSO or COBIT certification?

7. Locate and read NIST SP 800-53 Revision 4. What are the key benefits of this standard?

8. In your opinion, is the COBIT framework superior to the other standards and frameworks such as the ISO 27000 and NIST? Why or Why not?

Explanation / Answer

1) Answer:

The purpose is to give the creator of the policies some guidelines and an idea of what they should follow to keep their organization safe and secure. The Information Security Framework establishes security policy and practices. To develop a structure for the organization to be able to recognize gaps in the policies.

2) Answer:

Because the Remote Access Policy and Acceptable Use Policy are two different things and with the Acceptable Use Policy it covers what is acceptable for all employees within the realm of the organization. Remote Use Policy is just concerned with that particular domain and gives you direction on that domain only.

3) Answer:

Allow access to DMZ using only certain sources or create policies restricting emails from unknown sources. Have antivirus and antimalware protection software detect potential risk before opening attachments. Also have an email scanning software scan every incoming email. The Email Policy will cover this.

4) Answer:

To educate and refresh the organization’s members on policies, procedures and all matters of security.

They should do this to remind employees of the policies and to inform them on any updates to the policies, and to keep employees aware and up to date on security policies.

5) Answer:

b. How could the lost navigational data compromise national security?

The loss of navigational data could compromise national security by the wrong people discovering the data. It gives another country that Japan was fighting with the advantage with this data.

c. How could the Japanese Coast Guard write an effective data disposal policy?

The Japanese Coast Guard could write an effective data disposal policy by identifying what type of data needs to be stored and then outline how the data can be securely disposed.

d. Is a self-assessment of effective security policy a good predictor of actual security? Why or why not?

A self-assessment of effective security policy can be a good indicator of actual security only if the person evaluating can look at it without any bias. Sometimes people will look at their policies as good and effective and don’t truly see its flaws.

6) Answer:

Governance Framework specifies how to do planning, implementation, and oversight. The ISO 27000 certification is more attractive to companies than COSO or COBIT certification because it focuses mainly on IT security where COSO focuses on corporate-level governance and COBIT focuses on IT governance.

7) Answer:

The key benefits of this standard are the enhanced security controls and overlays like identification and applicability.

8) Answer:

I believe the COBIT framework is superior because it has a more broad approach on governance where the other two focus more on one detail of it. It is in your best interest to have a framework that is broad that can possibly cover everything.
