Ass1 SIT284

Assignment 1: SIT284 - Introduction to IT Security Management

Set Tasks

Task 1 [6 marks]: Contingency Planning (2+4 = 6 marks)

1. Define information security management.
   Information security management is the protection of information and its critical elements, including the systems and hardware that use, store and transmit that information. It includes the broad areas of information security management, computer/data security, network security and policy. (Lecture 1.1, slide 7)
2. Explain why information security cannot be achieved by technology alone. Give an example to support your answer.

Task 2 [12 marks]: Confidentiality, Integrity and Availability (4+4+4 = 12 marks)

1. Minor hospital is responsible for providing mental health services across 130 directly-operated sites in Japan.
   a. Explain why the confidentiality, integrity and availability of information are of the utmost importance to the hospital and to the patients.
   b. List and explain three consequences of information integrity,

confidentiality and availability loss to the hospital and to the patients.
   c. List and explain two non-technical attacks that can be used to compromise confidentiality of information held by Minor.

Task 3 [12 marks]: Contingency Planning (4+8 = 12 marks)

1. List and describe four different reasons for financial institutions to have a business continuity plan (BCP).
   Financial loss
   Customer loss
   Lecture 30ish
2. Suppose you are the Information Security Officer (CISO) of Fortune Inc. Suppose successful penetration or denial of service attacks with significant impact on operations; significant risk of negative financial or public relations impact has been detected and reported to you. As the CISO, explain the steps you will perform to respond and manage the incident.
   Incident real? Yes?
   How severe? Can we handle it or not? Low or high?
   Low can we stop it? N recovery
   High disaster plan and then disaster recovery plan
   Lecture week 3 slide 29ish...