These exercises provide you with the opportunity to apply concepts and ideas that have been presented in the text and discussion so far. They also provide you the chance to continue to look for the missing links – the needs we’ve not identified yet, or the implications of choices you’ve just made (wearing your brand-new Information Security hat) that we’ve not thought of before. In most cases, you’ll need to use an example to illustrate your reasoning; this should be a real-world example, drawn either from your own personal and professional experiences or from events reported on in the news or professional literature.
Strong Hint: You may need to go beyond the textbook, and do some additional inquiry & research on the Web, to make a meaningful and complete answer to these questions. As you do, be sure to cite your sources in your submitted answers!
- What is an “information security gap?” Is it the same as an information assurance gap? How do you find one (or, is it something you find multiple instances of in a typical organization?)
- What seems to be missing from what the book describes as possible causes of an information security (and assurance) gap? What would you add to the recommendations in the textbook as to how you should go about doing this kind of gap analysis?
- Compare and contrast the four formal models of access control, as discussed in the text. What aspects of an organization’s information security and assurance need would seem to dictate the choice of which of these models to use? Can these models be combined in meaningful ways?
- The text discusses several (more classical) data and systems integrity models, such as Bell-LaPadula, Biba, Clark and Wilson, and Brewer and Nash. How do these differ?
- Consider an organization in which multiple people have to fulfill multiple roles, throughout a typical work cycle (day, week, year, etc.); in an ideal world, these roles should not overlap. In practice, having the same individual fulfill multiple roles in an organization can be a good thing – but it can also lead to unintended or unwanted side effects, particularly if the individual can in effect use covert paths to combine information (and take action) in ways that would not be appropriate. How would you suggest this issue be dealt with? Do the different approaches to verification of identity need to accommodate verification of role as well, in circumstances like this? Explain.
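As an added illustration for the two questions above on how the formal models differ and on role overlap (this is not code from the textbook or the course; the levels, datasets and transformation procedures are constructed for the example), the following Python sketch encodes each model's access decision so the differences can be seen by running them side by side:

```python
# Ordered sensitivity levels shared by the two lattice models (constructed values).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def blp_allows(subject_level, object_level, op):
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    return s >= o if op == "read" else s <= o


def biba_allows(subject_level, object_level, op):
    """Biba (integrity): the dual of BLP, no read down, no write up."""
    s, o = LEVELS[subject_level], LEVELS[object_level]
    return s <= o if op == "read" else s >= o


class BrewerNash:
    """Brewer-Nash 'Chinese Wall': the decision depends on what the subject
    has already accessed, not on a fixed label."""

    def __init__(self, conflict_classes):
        # dataset -> conflict-of-interest class it belongs to
        self.coi = {ds: cls for cls, dss in conflict_classes.items() for ds in dss}
        self.history = {}  # subject -> datasets accessed so far

    def allows_read(self, subject, dataset):
        seen = self.history.setdefault(subject, set())
        # denied only if a *different* dataset of the same class was already read
        return all(d == dataset or self.coi[d] != self.coi[dataset] for d in seen)

    def read(self, subject, dataset):
        if not self.allows_read(subject, dataset):
            return False
        self.history[subject].add(dataset)
        return True


def clark_wilson_sod_ok(assignments, conflicting_pairs):
    """Clark-Wilson separation of duty: no single user may be certified for
    two transformation procedures that together complete a sensitive process.
    Returns (True, None) or (False, offending_user)."""
    for user, tps in assignments.items():
        for a, b in conflicting_pairs:
            if a in tps and b in tps:
                return False, user
    return True, None
```

Note that BLP and Biba give opposite answers to the same (subject, object, operation) triple, while Brewer-Nash denies a read that it would have allowed a moment earlier, which is why history-based models are harder to combine with static labels.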