I will need separate answers to each question.
I also have other questions, would you be available and how much?
1. Discuss the relationship between core security requirements and the principles of easiest penetration, timeliness and effectiveness.
2. What is the relative positioning of the Bell-LaPadula, Biba Integrity and Clark-Wilson models? How do you see one complementing the other?
3. Clearly encryption is essential in ensuring secrecy of communication. Identify characteristics of encryption that make it rather impossible to decrypt.
4. Differentiate between targeted attacks and target-of-opportunity attacks.
5. What kind of executive-level support is essential for ensuring uptake of information system security? How should such support be generated? What strategies can be put in place to ensure that executive-level support is sustained over a period of time?
6. Development of security policies and their implementation is the responsibility of different roles in organizations. Discuss the differences in opinion with respect to development and implementation of security policies.
7. Establishing control structures in systems can best be achieved by focusing on requirement definitions and ensuring that controls get represented in basic data flows. Although such an assertion seems logical and commonsensical, identify and examine hurdles that usually prevent us from instituting such controls.
8. What is the systematic position of risk management in ensuring the overall security of an enterprise? Discuss, giving examples.
9. "Any reference to corporate governance results in discussing shareholders' responsibilities. Perhaps there needs to be a focus on shareholder rights." Comment, and compare countries with a common-law tradition (UK, USA) and those with a codified civil law (Europe, former colonies). How does this impact the protection of information resources?
10. People who tend to pose the greatest IS security risks are those who have low self-esteem and strongly desire the approval of their peers. People who put more emphasis on associations and friendships relative to maintaining the organization's value system can cause serious damage to security. Discuss.
11. "There are a number of independent security assurance and certification programs. Each claims itself to be the best in the industry and suggests that its certification allows companies and individuals to place a level of trust in the systems and practices." Can any security certification or assurance program guarantee a high level of success in ensuring security? Discuss.
12. Consider HIPAA and SOX as two cases in point. Consider aspects of each law and comment on the extent to which the laws demand extraordinary measures as opposed to regular good management. Discuss.
13. Information provided by an Intrusion Detection System is useful in dealing with computer crimes. Comment on the legal admissibility of such information.
14. Today security executives perform the difficult task of balancing the art and science of security. While the art relates to aspects of diplomacy, persuasion, and the understanding of different mindsets, the science deals with establishing measures, forensics and intrusion detection. Given that security is indeed an art and a science, comment on the role of computer forensics in the overall security of the enterprise.