Assignment 1
Deadline: 12/02/2019 @ 23:59
[Total Mark for this Assignment is 6]
IT Security and Policies
IT409
College of Computing and Informatics
Question One
1 Mark
Course Learning Outcome(s):
Chapter 3
CLO 2: Develop security policies and put in place an effective security architecture that comprises modern hardware and software technologies and protocols
What is the cost of the loss of data availability to the organization? Give two examples of your own of threats to data availability.
Question Two
2 Marks
Course Learning Outcome(s):
Chapter 4
CLO 5: Analyze and apply the most appropriate solutions to problems related to the field of Security and Information Assurance
The goal of risk tolerance is to weigh the probable cost of compromises against the costs of security measures. We need to compare two different scenarios of security measures and their related risk. Complete the following table and conclude which security measure is the best.

| | Base case | Security measure A | Security measure B |
|---|---|---|---|
| Asset Value (AV) | 100,000 SAR | 100,000 SAR | 100,000 SAR |
| Exposure Factor (EF) | 80% | 20% | 80% |
| Single Loss Expectancy (SLE) = AV * EF | | | |
| Annualized Rate of Occurrence (ARO) | 50% | 50% | 25% |
| Annualized Loss Expectancy (ALE) = SLE * ARO | | | |
| ALE Reduction for security measures | NA | | |
| Annualized security measures Cost | NA | 17,000 SAR | 4,000 SAR |
| Annualized Net security measures Value | NA | | |

Note that the ALE Reduction for security measures = the Annualized Loss Expectancy (ALE) without security measure – the Annualized Loss Expectancy (ALE) with security measure.
Question Three
1.5 Marks
Course Learning Outcome(s):
Chapter 5
CLO 6: Recognize processes to implement and enforce policy
Information owners are responsible for classifying data and systems. Suppose you have a savings account at XYZ Bank that may contain your account number, user ID, password, residential ID, balance amount details and transaction details. The bank staff use that information to service you with care.
Who is the owner of the bank account information specified above? Specify the different processes of the information owner, beginning with classification of information and ending with declassification.
Question Four
1.5 Marks
Course Learning Outcome(s):
Chapter 5
CLO 6: Recognize processes to implement and enforce policy
In the private sector (commercial), an information system contains the following information:
Employee lists, laboratory research, payment card information, organizational announcements, product documentation, financial positions, annual reports, financial account numbers.
What type of classification is commonly used by the private sector? Where does the above-mentioned information fit under the private sector classification?