Ayesha Rajbhandari


1. Using a graphics program, design several security awareness posters on the following themes: updating antivirus signatures, protecting sensitive information, watching out for e-mails viruses, prohibiting the personal use of company equipment, changing and protecting passwords, avoiding social engineering, and protective software copyrights.





2. Search on the Web for security education and training programs in your area. Keep a list and see which category has the most examples. See if you can determine the costs associated with each example. Which do you think would be more cost-effective in terms of both time and money?

à In a company, all the employee and employers needs to get training about the information security. The following are the resources available:

a.    Center for information security education:

b.    Professional agencies SANS

c.    ISC2

d.    ISSA


Other security education and training centers are

The national domestic preparedness consortium training programs was formed due to the Oklahoma City bombing and delivers weapons of mass destruction training. This institute identifies, develops, tests and delivers training to state and local emergency responders.


3. Search the Web for examples of issue-specific policies. What types of policies can you find? Using the format provided in this chapter, draft a simple issue-specific policy that outlines fair and responsible use of computers at your college, based on the rules and regulations of your institution. Does your school have a similar policy? Does it contain all the elements listed in the text?

à The example of issue specific security policy is:

Fair and responsible use of wireless LAN Technology in an organization classification

this policy addresses use of wireless local area network technology. It has limited hardware, software and protocols associated with WLAN.

The laptop users are permitted to use WLAN solution. To ensure the protection, all the wireless transmission will be secured with authentication and encryption.

Using non-standard hardware, software and protocols are strictly prohibited.


4. Use your library or the Web to find a reported natural disaster that occurred at least six months ago. From the news accounts, determine whether local or national officials had prepared for the disaster plans and if the plans were used. See if you can determine how the plans helped officials improve disaster response. How do the plans help the recovery?

à in Seattle, there was no warning for the people living in the Washington state landslide before a wall of mud, trees and alternative rubble thundered down the mountain, a lot of people did not even know that the side may crumble at any time.

There is no system to watch for slide activity or no effort to landslide hazard maps. the government does not track the inventory slide area on national scale.


5. Classify each of the following occurrences as an incident or disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play.

For each of the scenarios (a-e), describe the steps necessary to restore operations. Indicate whether law enforcement would be involved.

à a. A hacker gets into the network and deletes files from server.

This is an incident. Law enforcement is not required.

b. A fire breaks out in the store room and sets off sprinklers on that floor. Some computers are damaged but the fire is contained.

à this is a disaster. There is no need of business continuity plan.

c. the tornado hits a local power company, and the company will be without power for three to five days.

à this is a disaster. Law enforcement is not required.

d.. employees go on strike, and the company could be without critical workers or weeks.

This is an incident. Law enforcement is not required.

e.. A disgruntled employee takes a critical server home, sneaking it out after hours.

à this is an incident. Law enforcement is required, if the employee denies that he/she has not taken the server.