Mijcar, Teacher
Category: Homework
Satisfied Customers: 224
Experience:  Taught 40 years College & HS * MS in Math * Published Writer

Do we really need to understand and place great importance

Resolved Question:

Do we really need to understand and place great importance on the informal controls prior to establishing security rules? Why or why not?

Even though information system security goes way beyond the security of the technical edifice, applications and organization resources can only be protected by using the latest security gadgets. Isn’t this a contradiction in itself?
Submitted: 1 year ago.
Category: Homework
Expert:  Mijcar replied 1 year ago.

Mijcar :

The problem with the "technical edifice" is that it is of human design and can always be circumvented by human design. The simplest example would be that of the user who merely copies confidential data onto a flashdrive and takes it off site. More sophisticated examples are offered by analogy. A century ago, more or less, designers of safes would look for unbeatable security systems, i.e. safes that couldn't be cracked. Constantly, however, criminal technology would match security technology, and safes would be cracked. Similarly, today we know that however good our security systems are, some time in the future some sophisticated design will allow unlicensed access to important data.


 

Mijcar :

And while some breaches of security are purely technical (a well-written attack application), others rely on human behavior. For example, personnel in the "middle area" could be bribed. That is, security itself could be weakened by either intercepting the delivery of the security system or by placing someone within the security system itself.


 

Mijcar :

The point is simple. No security system is so perfect it can be divorced from human behavior and attitude. What people do as routine behavior can be either security supportive or security weakening. Making unnecessary digital copies is threatening to a security system. Renaming them so they are not recognizable to company personnel is threatening. Removing them from the premises is really dangerous. Leaving them unattended is a major red flag.


 

Mijcar :

It seems like a regular monthly occurrence that we read about a major data loss where a notebook computer is stolen from a vehicle while its user is eating at a restaurant, or that national security plans have been lost on some missing flash drive.


 

Mijcar :

(Hi, Matthew!)


 

Mijcar :

You weren't around, so I started this based on my interpretation of your question. Is this the nature of what you are looking for?


 

Mijcar :

Michael


 

Customer:

I need the answer to be broken into two answers, can you do that?


 

Customer:

1st question


Do we really need to understand and place great importance on the informal controls prior to establishing security rules? Why or why not?


 


 


Even though information system security goes way beyond the security of the technical edifice, applications and organization resources can only be protected by using the latest security gadgets. Isn’t this a contradiction in itself?

Mijcar :

Okay, ... Although I'm not sure I see the contradiction that is supposed to be implied in the second question. Maybe that's because I've done so much security support for some of my clients.


 

Mijcar :

My analogy to the safes of yesteryear would apply in part to that. Let me think about a development that is clear.


 

Mijcar :

Do you want two separate self-contained statements or two separate answers contained within a single document (which makes more sense to me as security is always two-pronged)?


 

Mijcar :

Matthew, are you there?


 

Customer:

I will need separate answers to each question.


I also have other questions, would you be available and how much?



1. Discuss the relationship between core security requirements and the principles of easiest penetration, timeliness and effectiveness.

2. What is the relative positioning of the Bell-LaPadula, Biba Integrity and Clark and Wilson models? How do you see one complementing the other?

3. Clearly encryption is essential in ensuring secrecy of communication. Identify characteristics of encryption that make it rather impossible to decrypt.

4. Differentiate between targeted attacks and target of opportunity attacks.

5. What kind of executive level support is essential for ensuring uptake of information system security? How should such a support be generated? What strategies can be put in place to ensure that executive level support is sustained over a period of time?

6. Development of security policies and their implementation is the responsibility of different roles in organizations. Discuss the differences in opinion with respect to development and implementation of security policies.

7. Establishing control structures in systems can best be achieved by focusing on requirement definitions and ensuring that controls get represented in basic data flows. Although such an assertion seems logical and commonsensical, identify and examine hurdles that usually prevent us from instituting such controls.

8. What is the systematic position of risk management in ensuring the overall security of an enterprise? Discuss giving examples.

9. "Any reference to corporate governance results in discussing shareholders responsibilities. Perhaps there needs to be a focus on shareholder rights." Comment and compare countries with a common-law tradition (UK, USA) and those with a codified civil law (Europe, former colonies). How does this impact the protection of information resources?

10. People who tend to pose the greatest IS security risks are those who have low self-esteem and strongly desire the approval of their peers. People who put more emphasis on associations and friendships relative to maintaining the organization’s value system can cause serious damage to the security. Discuss.

11. "There are a number of independent security assurance and certification programs. Each claims itself to be the best in the industry and suggests that their certification allows companies and individuals to place a level of trust in the systems and practices. Can any security certification or assurance program guarantee a high level of success in ensuring security? Discuss.

12. Consider HIPAA and SOX as two cases in point. Consider aspects of each law and comment on the extent to which the laws demand extraordinary measures as opposed to regular good management. Discuss.

13. Information provided in an Intrusion Detection System is useful in dealing with computer crimes. Comment on the legal admissibility of such information.

14. Today security executives perform the difficult task of balancing the art and science of security. While the art relates to aspects of diplomacy, persuasion, and the understanding of different mindsets, the science deals with establishing measures, forensics and intrusion detection. Given that security is indeed an art and a science, comment on the role of computer forensics in the overall security of the enterprise.


 


Mijcar :

Wow, these are interesting questions. Some of these I can respond to off the top of my head; some require extensive research.


 

Mijcar :

I know I don't have the time to deal with them all. More to the time, if you are under a time limit, you want more than one expert working on these questions. That means you need to separate them into meaningful bundles. Even a simple question like #13 has inherent difficulties -- for example, I know a lot about HIPAA and nothing about SOX, so I would have to waste your time researching SOX when someone else could probably deal with that quickly.

Mijcar :

Moreover, even though by chance I am a useful source on the HIPAA part of the question, you would find more Experts in the Law categories. If you like, I can separate the questions for you into what I consider packages of equal difficulty and recommend what categories you put them in.


 

Customer:

I would need them by next Thursday if you are available


 

Mijcar :

Here, in the homework category, we have expertise in writing, in mathematics, in general technical areas (for example, chemistry, physics, history, poetry), and are good researchers. However, when we encounter a specialized question ("what is the best material for making a container to hold liquid nitrogen?"), that may mean we spend a lot of time researching what appears to be a simple answer ("the best material is ____") and then the customer feels we need too much for an answer and the Expert feels he is being offered too little. :-)


 

Mijcar :

I could provide good support on 3, 4, and 10. That's because they all have a strong underlying psychological or mathematical/logical component, all of which are my specialties.


 

Mijcar :

I have the expertise to help with or at least comment on 7, 11, 13 and 14.

Mijcar :

But I bet there are Experts here who can fill in the holes faster. One way or another, whoever's working on these, you will need to separate the questions sufficiently that they match the value of the question enough for whoever will be doing the work.


 

Customer:

Let's start with these first two and go from there, thanks


 

Mijcar :

Good. I am going to seem to be leaving chat because I will work on those two in a word document, then come back and post the results.


 

Customer:

OK, thanks


 

Mijcar :

Quick question: Did your teacher provide you with his/her definition of "informal controls"? This is a rather general phrase, and could be used in a number of different ways. If not, then I will use my own definition.


 

Customer:

No, all of these are straight out of the book, which has not arrived at my location as of yet.

Mijcar :

Good grief! That can't be much good for you. Well, I will deal with it.


 

Mijcar :

Matthew, are you there?


 

Mijcar :

Please let me know if the file above is visible to you.


 

Mijcar :

Okay, I checked myself and don't see it. Next test: Is the following link visible and accessible? http://ww2.justanswer.com/uploads/TH/TheMathTeacher/2012-10-24_180122_informal_security_-_1.docx


 

Mijcar :

And, yes, it is. Please read over the answer above to the first question. Here is the supporting document for the definition and conclusions:


http://ww2.justanswer.com/uploads/TH/TheMathTeacher/2012-10-24_180729_informal_security.pdf

Customer:

Everything looks good for question #2, how do I see the answer to question #1?

Mijcar :

I think you mean vice-versa. Question #1 is about informal controls.


 

Customer:

Yes sorry


 

Mijcar :

Good. Working on 2 as we speak.


 

Mijcar :

Matthew, are you there?


 

Customer:

Yes, I am reading the second part


 

Mijcar :

Okay. Let me know when you're done.


 

Customer:

Everything looks good


 

Mijcar :

Great. Any questions on anything in either of these?


 

Customer:

No, thanks


 
