i

Security and Risk Management/Security Concepts

1. In your own words describe what is meant by “defense-in-depth” in security design. Give an example of a combination of security controls that you have seen implemented that show how the combination of security factors improve the overall security.

2. The CIA triad is a common way of describing how confidentiality, integrity and availability concerns form the pillars of information security. Give an example from your experience or a technical article you’ve read that describes methods of improving security of information in each area of the CIA triad. 

3. Describe the administrative management practices of separation of duties, job rotation, and mandatory vacations and their role within operations security.

Security and Risk Management/Intellectual Property, Risk Assessment, and Business Continuity

1.
Explain the differences between Patents, Copyrights, and Trademarks in terms of idea, expression, and symbol.

2. Describe intellectual property laws. What clauses should a termination policy contain to prevent disclosure of an organization’s information?

3. Describe the differences between qualitative and quantitative risk management methods.

4. What are the steps in the business continuity planning process? Why is a clear understanding of a company’s enterprise architecture critical to this process?

5. Describe the steps in a Business Impact Analysis (BIA). What different loss criteria types can be associated with threats identified during the Business Impact Analysis process?