Information Security Policy – Digital Forensics It Skills Discussion Questions
Information Security Policy – Digital Forensics It Skills Discussion Questions
1)If you were asked by your employer to develop a new Information Security Policy, where would you turn to find resources to build this policy? List the two most important items you would include in this new policy and explain why you felt these were most important.
2)What do you believe to be the most compelling reason to migrate information to the cloud? What is your biggest security concern about doing so?
3)Many believe that cloud computing can reduce the total cost of computing and enhance “green computing” (environmental friendly). Why do you believe this to be correct? If you disagree, please explain why?
4)Explain in your own words why you believe planning is important. Select one of the following businesses: a large bank, a government agency, or a hospital, and explain which systems you feel are mission critical. Then explain how the loss of these systems would affect the organization.
5)Have you or someone you know ever received a chain letter, phishing message, or some other fraudulent message via email? If so, please share this experience. Explain what type of message it was and what you did to get rid of it.
6)What do you think is the single greatest physical threat to information systems? Fire? Hurricanes? Sabotage? Terrorism? Something else? Discuss this question and provide support for your answer.
7)In a corporate, networked setting, should end users be allowed to install applications on their company workstations, whether the applications are on a DVD or downloaded from the Internet? Be sure to weigh security against usability.
8)Many people believe that the use of biometrics is an invasion of privacy. For example, an eye scanning device records the inner structure of a person’s eye and stores that image in a database. Critics worry that databases of human traits used to maintain corporate security may actually pose a privacy threat to individuals, if such data were used in other ways. In your view, are such concerns justified? Why or why not?
9)Do you believe that all data should be encrypted? Many computing professionals think this is a good idea. But a small number of computing experts feel that no data should be encrypted—that all data and software should be openly available to anyone who wants it. Explain your answer (whether you believe all data should or should not be encrypted).
10)What are the main reasons why a VPN is the right solution for protecting the network perimeter? Do they also provide protection for mobile devices?
11)A digital forensics professional must know basic IT skills, understand computer architecture and networking, and have analytical and investigative skills, as well as strong attention to detail. Why do think all of these skills are necessary?
12)If you could, what would you do to help create a national “security culture,” in which everyone is more knowledgeable and proactive about threats to information security?
13)Please share your thoughts on the positive aspects of our 3-day residency experience. If you have recommendations as to how we may improve this experience, please share that also.