1.  If an organization must evaluate the following three information assets for risk management, which vulnerability should be evaluated first for additional controls? Which should be evaluated last?


-      Server WebSrv6 should be evaluated first for controls than Operators, than Switch L47 for the last to evaluate.


2.  Using the data classification scheme in this chapter, identify and classify the information in your personal computer or personal digital assistant. Based on the potential for misuse or embarrassment, what information would be confidential, sensitive but unclassified, or for public release?


-      On my own PC I would say the pictures I have of me and Miranda, computer specs, videos games.


Case Exercises

1.  Did Charlie effectively organize the work before the meeting? Why or why not? Make a list of important issues you think should be covered by the work plan. For each issue provide a short explanation.


-      Yes, he organized the work be the meeting, because heís giving the department reps what data is an asset and how then should they make better security procedures and policies around those assets.


2.  Will the company get useful information from the team it has assembled? Why or why not?


-      Yes, as they are reviewing all their assets to see where impact of vulnerabilities may happen.


3.  Why might some attendees resist the goals of the meeting? Does it seem that each person invited was briefed on the importance of the event and the issues behind it?


-      They might believe this matter does not concern them as they think since theyíre not a part of the IT team none of those matters concern them for what they do. Yes, as Charlie did tell them why they were here and what roles they would be playing in the risk management plan.


Ethical Decision Making

1.  In the hour just before the meeting which the data was due, she made up some values without much consideration beyond filling the blanks. Is Amyís approach to her assignment ethical?


-      No, itís not right to make false data just because you had something else to do after and forgot about it.


2.  Is Amy now ethically justified in falsifying her data? Has Charlie act ethically by establishing an expected payback from this arrangement?


-      Technically yes since Charlie did say that but still since this is a business you canít give false data and have the problems come out at a later date. Charlie has now a problem that will occur in the later future that may mess data of that organization in that department.