1. Why is leadership outlook on security critical to employee buy-in at all levels? Give examples to justify your position.
2. How can the CIA triad of security be applied to an organization and not just a single system? Give examples to support your position.
3. What are some of the legal issues involved with privacy data? List at least three of these issues and the type of system that would need to consider legal use of the data associated with the issue.
4. What are the challenges to implementing security policies in an organization when they have not been in place previously? Give examples to support your position.
1. Why is leadership outlook on security critical to employee buy-in at all levels? Give examples to justify your position.
For the following reasons, the leadership outlook on security is essential for employee buy-in at all levels:
A. When the software development team works under management that recognizes the importance of security, the code will not be released "as soon as possible." They will buy the required time to carry out secure coding practices and rigorous penetration testing.
B. When the security team needs to buy security tools (firewalls, anti-virus, IDPS programs, Identity and Access Management tools, etc.) or when they are looking to hire highly skilled professionals in their group, they need management to greenlight their spending plan and budget.
C. For a "security culture" to permeate all staff levels, it is important that it starts from the top.
Example - Once management acknowledges the vital need for training in security awareness, it is easier to draft policies that make training mandatory for all staff, as well as continuing to carry out training on a regular basis.
2. How can the CIA triad of security be applied to an organization and not just a single system? Give examples to support your position.
Companies adopt a three-part structure known as the CIA triad as they develop information security programs:
Confidentiality
Integrity
Availability
The intent behind the triad is simple; the three guiding principles are intended to shape appropriate use policies and other policies that relate to organizations' information security systems.
These three concepts together form the foundation of the security infrastructure of any organization; in addition, they should serve as priorities and objectives for any security program. The CIA triad is so fundamental to the security of information that when data is leaked, a network is targeted, a client falls for a phishing trap, an account is hacked, a website is maliciously deleted, or any number of other security incidents occur, you can be certain that one or more of these concepts have been violated.
Example - Confidentiality of data is important for a financial company, so it would certainly encrypt any classified document that is transmitted digitally to prevent unauthorized people from reading its contents.
3. What are some of the legal issues involved with privacy data? List at least three of these issues and the type of system that would need to consider legal use of the data associated with the issue.
A. Biometric Technologies -
Biometrics is the term used for the various ways in which we humans can be recognized by particular features of our bodies. The most commonly known form of biometric authentication is fingerprints. Other biometric signatures include hand impressions, vein dimensions, iris patterns, retinal blood vessels, body odor, the way we walk, and our voices, among others. We also have a unique genetic profile for each of us. In facial recognition biometrics, the geometry of the face is measured.
Advocates of privacy and civil rights are extremely concerned about the widespread use of biometric systems. These systems may easily be used for the creation of a documented dissident database to be used for purposes of social control.
B. Internet of Things -
The Internet of Things can be described as a network in which smart objects continuously transmit information over the Internet without any human interaction being required. Generally speaking, these devices relay their data to servers or the cloud. Instead of using computers, the Internet of Things uses smart devices with sensors or RFID tags capable of measuring and transmitting information on things like position, temperature, speed, or vital signs.
The danger to privacy is the vast quantity of information that these smart objects constantly transmit over the Internet. In reality, the Internet is rapidly evolving into a monitoring tool that is "always on."
C. Big Data -
Big Data refers to the tools, processes, and procedures that enable an organization to create, manipulate, and manage large data sets. Compiling "Big Data" can often entail collecting very large amounts of information from different sources. It could include public record data, proprietary business records, and social network data such as Facebook and Twitter. In reality, one of the main applications of "Big Data" analytics software is to collect information that people willingly share on social networks. The tools that are now available to analyze "Big Data" present a lot of challenges to privacy.
4. What are the challenges to implementing security policies in an organization when they have not been in place previously? Give examples to support your position.
After a new security policy has been drafted and implemented, enforcing it and ensuring it is followed comes with its own challenges:
Disciplinary actions -
The security team (and likely the HR and legal teams) must be prepared to carry out the disciplinary actions specified for a breach of the policy.
Regular training -
To ensure that the staff involved understand the need for the policy, its importance, and the strict consequences of not following it, the security team must conduct regular training.
Old habits die hard -
Employees are used to doing things in a certain way and, out of sheer (bad) habit, can slip back into old practices that break new security policies.
Resistance -
When most people have to change, their first impulse is resistance. The security team needs to be aware of this and be vigilant and diligent in training and enrolling the workers impacted by the plan.
Constant monitoring -
After putting the new policy in place, the security team must devote resources and time for a considerable period to constantly monitor employee behavior and ensure adherence to policies.