The purpose of security policies is to help mitigate identified risks. Writing these policies is easier once you have created an asset inventory list, prioritized that list, and identified the major risk exposures found in those assets. The task of identifying your IT assets begins with recognizing that your IT infrastructure and supporting resources can be divided into the seven IT domains. The benefit of identifying the assets and prioritizing them across those domains is being able to document policies in a systematic and thorough manner.
Review the following scenario for Premier Collegiate School.
You are the new director for Information Technology at Premier Collegiate School. The private school teaches grade 7 through grade 12 with 300 students and 30 staff members and faculty. Below is a description of the school’s computing resources
The school's principal has requested that you prepare an IT asset list and a high-level prioritization or ranking of the IT given the function and purpose for administrative or student computing requirements.
Attachments
Answer:
Talking about assets there are teacher's desktops, desktops for administrative people, A notebook laptop owned by the principle and a couple of important file servers.
In addition to that there are also desktop computers which are placed in the computer science labs in which the students can practice their practical assignments.
Desktop computers for administrators are individual desktops which they use for administrative purposes and that should contain appropriate security mechanisms because all the account related information of the school is also stored in those desktops. They should have proper firewall mechanisms. The principal's laptop can be used for business needs as well as she can use it for personal use as well.
The file servers are most important and should be of high priority for security. All the files in the servers ate most valuable for the school.
The asset's criticality should be labelled as "M".
Talking about risks there are risks for leakage of student's educational data, School's finance information and the account information for the school.
For mitigating the risks the schools network should be well protected by using a firewall which would restrict access to certain content over the internet and sharing of any data to any personal belongings should be restricted.
The purpose of security policies is to help mitigate identified risks. Writing these policies is easier...
Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading.In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...
First, read the article on "The Delphi Method for Graduate Research." ------ Article is posted below Include each of the following in your answer (if applicable – explain in a paragraph) Research problem: what do you want to solve using Delphi? Sample: who will participate and why? (answer in 5 -10 sentences) Round one questionnaire: include 5 hypothetical questions you would like to ask Discuss: what are possible outcomes of the findings from your study? Hint: this is the conclusion....