Computer security Discussion

profilekecho22
computer_security_qa.txt

Q 1 "Acceptable Use Policy and Access Control” Please respond to the following: Organizations should have policies that describe which users have access to sensitive systems and data, for what purpose, and for how long. Assume that you are an IT manager in charge of creating your organization’s new Acceptable Use Policy. What are the most important items to add to that policy in order to help enforce access control? Explain your answer. Question 2. Access Control in Business. Please respond to the following: Determine whether employees should be allowed to bring personal wireless devices (such as the Apple iPad or the Motorola Xoom) to the workplace and access the Internet via the company’s network to conduct business functions. Explain the risks that businesses get exposed to when employees use personal devices over the company’s network. The 3 access control strategies include DAC, MAC, and RBAC. Choose a business and provide a specific real-life example of how you could use each of these strategies for that business. Question 3 Assume that you have to hire someone who will have a high level of access in your company. What kinds of considerations should an HR person have when hiring someone like this? Some organizations check your credit score. Is that fair? What kinds of controls would you have in an accounting environment to avoid potential embezzlement? Name at least 5 controls and discuss how they would prevent someone from being able to embezzle money. Question 4 "Physical Security Access" Please respond to the following: Assume you are interviewing for the position of IT Security Manager. The Chief Security Officer hands you the case from our e-activity and asks you to suggest ways that the data center could have prevented the intruders from being able to enter the building. She also asks you to determine which of these methods is the most predictable and explain why. What is your response? Then, she asks you to propose some methods that could be applied to data protection even if hardware such as servers, laptop computers, and tablet personal computers were stolen. She asks you which of these methods you believe would be the most effective and why. What is your response? Question 5 "Automated Auditing" Please respond to the following: •CAATTs can be helpful when dealing with immense amounts of data. However, developing a CAATT system can be time consuming. Argue for or against the use of CAATT systems. •Identify the key elements of building an effective CAATT system. Elaborate on two (2) challenges faced when designing an effective CAATT system, and suggest possible solutions to these problems. Question 6"Audit Project Control" Please respond to the following: •Compare and contrast an IT Audit project with other projects which might be found in an IT department. Describe two (2) challenges that are unique to IT Audit projects. Suggest an approach to mitigate each challenge you selected. •Based on the challenges identified, describe the controls that the project manager would need to implement in order to overcome potential project control issues.