Part 1:

Discussion Questions

Discussion 1

"Managing Network Security Through Policies" Please respond to the following:

• Analyze the importance of having acceptable use policies, remote access policies, and network security control policies. Choose one acceptable use policy, remote access policy, or network security control policy and give three reasons why you believe this policy is an effective way to manage network security.

• Assess the risks and threats that may occur if these policies are underdeveloped or unavailable. Recommend three technical appliances that may be used to implement a network security function within your assessment and justify your recommendations.

Discussion 2

"Developing Personnel Security" Please respond to the following:

• Determine three reasons why an organization should define the boundaries of control, identify personnel security functions based on risks, and manage change within the work force. Select what you believe to be the most important reason and explain why.

• Propose three activities that could be performed by the Human Resources Department to screen and hire personnel effectively. Choose one activity you proposed and justify how it would support personnel security functions.

Part 2:

Case Study Submission-

Case Study - Developing the Forensics, Continuity, Incident Management, and Security Training Capacities for the Enterprise

Download and read the following articles available in the ACM Digital Library:

Arduini, F., & Morabito, V. (2010, March). Business continuity and the banking industry. Communications of the ACM, 53(3), 121-125

Dahbur, K., & Mohammad, B. (2011). The anti-forensics challenge. Proceedings from ISWSA '11: International Conference on Intelligent Semantic Web-Services and Applications. Amman, Jordan.

Write a five to seven page paper in which you:

1. Consider that Data Security and Policy Assurance methods are important to the overall success of IT and Corporate data security.

a. Determine how defined roles of technology, people, and processes are necessary to ensure resource allocation for business continuity.

b. Explain how computer security policies and data retention policies help maintain user expectations of levels of business continuity that could be achieved.

c. Determine how acceptable use policies, remote access policies, and email policies could help minimize any anti-forensics efforts. Give an example with your response.

2. Suggest at least two models that could be used to ensure business continuity and ensure the integrity of corporate forensic efforts. Describe how these could be implemented.

3. Explain the essentials of defining a digital forensics process and provide two examples on how a forensic recovery and analysis plan could assist in improving the Recovery Time Objective (RTO) as described in the first article.

4. Provide a step-by-step process that could be used to develop and sustain an enterprise continuity process.

5. Describe the role of incident response teams and how these accommodate business continuity.

6. There are several awareness and training efforts that could be adopted in order to prevent anti-forensic efforts.

a. Suggest two awareness and training efforts that could assist in preventing anti-forensic efforts.

b. Determine how having a knowledgeable workforce could provide a greater level of secure behavior. Provide a rationale with your response.

c. Outline the steps that could be performed to ensure continuous effectiveness.

7. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

• Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

Part 3:

Assignment 2: Identifying Potential Risk, Response, and Recovery

In Assignment 1, a videogame development company recently hired you as an Information Security Engineer. After viewing a growing number of reports detailing malicious activity, the CIO requested that you draft a report in which you identify potential malicious attacks and threats specific to your organization. She asked you to include a brief explanation of each item and the potential impact it could have on the organization.

After reviewing your report, the CIO requests that you develop a follow-up plan detailing a strategy for addressing all risks (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance) identified in Assignment 1. Further, your plan should identify controls (i.e., administrative, preventative, detective, and corrective) that the company will use to mitigate each risk previously identified.

Write a four to five page paper in which you:

1 For each of the three or more malicious attacks and / or threats that you identified in Assignment 1, choose a strategy for addressing the associated risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Explain your rationale.

2 For each of the three or more malicious attacks and / or threats identified in Assignment 1, develop potential controls (i.e., administrative, preventative, detective, and corrective) that the company could use to mitigate each associated risk.

3 Explain in detail why you believe the risk management, control identification, and selection processes are so important, specifically in this organization.

4 Draft a one page Executive Summary that details your strategies and recommendations to the CIO (Note: The Executive Summary is included in the assignment's length requirements).

5 Use at least three quality resources in this assignment (no more than 2-3 years old) from material outside the textbook. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school-specific format. Check with your professor for any additional instructions.

• Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required page length.