(FROM BOOK: Principles of Information Security - Edition 6)
Question 1. (Ch 4, Ex 3, page 223) Search the Web for examples of issue-specific security policies. What types of policies can you find? Using the format provided in this chapter, draft a simple issue-specific policy that outlines fair and responsible use of computers at your college, based on the rules and regulations of your institution. Does your school have a similar policy? Does it contain all the elements listed in the text?
Question 2. (Ch 5, Ex 3, page 320) Suppose XYZ Software Company has a new application development project with projected revenues of $1.2 million. Using the following table (please see page 320 of the textbook), calculate ARO and ALE for each threat category the company faces for this project. How might XYZ Software Company arrive at the values in the table shown in page 320?
Question 3. (Ch 6, Ex 3, page 382) Suppose management wants to create a “server farm” for the configuration in Figure 6-18 that allows a proxy firewall in the DMZ to access an internal Web server (rather than a Web server in the DMZ). Do you foresee any technical difficulties in deploying this architecture? What are the advantages and disadvantages to this implementation?
Question 4. (Ch 7, Ex 3, page 445) Using the Internet, search for commercial IDPS systems. What classification systems and descriptions are used, and how can they be used to compare the features and components of each IDPS? Create a comparison sheet to identify the classification systems you find.