1. Briefly describe the difference between a risk assessment and an IT security

Question

1. Briefly describe the difference between a risk assessment and an IT security audit.

2. Some IT security personnel believe that their organizations should employ former computer criminals who now claim to be white hat hackers to identify weaknesses in their organizations’ security defenses. Do you agree? Why or why not?

1. What is predictive coding? How is it different from doing key word searches on documents? What are the key issues to weigh when considering the use of predictive coding?

2. Do you believe it is acceptable for a website to assume that consumers are okay with any changes the site makes to its privacy policy unless they explicitly take action to opt out? Explain your reasoning.

Explanation / Answer

Ans-1

An IT Risk Assessment can be done by the company or any third party involved, whereas an IT Risk Audit is to be conducted by a certified professional third-party company, which provides relevant certifications in IT security after a successful audit.

IT Risk Assessment is about assessing and analysing the technology/tools/IT infra/software support, manpower/policies etc. involved, to identify any kind of financial/business/technical risks which could hurt or even rupture any business operations, in any way, in the present/future, whereas IT Audit is about maintaining compliance related to IT policies/safe procedures/ethical governance/security protocols etc., to avoid any big business losses or non-compliance with any governmental norms/policies.

Ans-2

Yes, many organizations like Microsoft, Google, banks etc. engage and employ white hat hackers to measure the strength of their security systems and protocols, possible firewall breaches, payment gateways, data integrity of the company as well as its clientele, transaction records within and outside the company, intranet/extranet and many more. Yes, companies should practice this, as it will help them strengthen their IT security.

Ans-3

Predictive coding uses keyword search, based on a mathematical model and artificial intelligence programming, to filter relevant data and further sample it with a scanner, bringing automation to document searching to obtain better filtered responses. So the coding and model bring precision to the search: which document should be reviewed and which one is to be rejected.

Regular keyword search is more of a manual search, like searching for a job on a job portal with certain parameters like salary/location/designation/industry etc. It can give many relevant or irrelevant responses, depending on how good the product interface of the portal is and how much it is search engine optimized to deliver the required results.

Ans-4

No, it is not acceptable. Privacy policies are highly concerned with confidential consumer data. Opt-in and opt-out options should always be provided to consumers so they can decide on their own. Each time there is a change in the privacy policy, every consumer should be alerted/notified/asked whether they confirm or reject it. Companies like Google, Facebook, Twitter can always be seen to be following up and checking frequently with customers on any kind of privacy policy matters.