1. Using a graphics program, design several security awareness posters on the following themes: updating antivirus signatures, protecting sensitive information, watching out for e-mail viruses, prohibiting the personal use of company equipment, changing and protecting passwords, avoiding social engineering, and protecting software copyrights. What other themes can you imagine?
the event of inappropriate use of WLAN technologies, Acme reserves the right to
take whatever steps are deemed appropriate for the specific situation
including, but not limited to, termination of employment and/or legal action.
2. Search the web for security education and training programs in your area. Keep a list and see which category has the most examples. See if you can determine the costs associated with each example. Which do you think would be more cost-effective in terms of both time and money?
a. “With phishing costing an average-sized
organization $3.77 million, Ponemon estimates a cost
savings of $1.80 million, or $188.40 per employee/user. Wombat's fee comes in
at $3.69 per employee, so a little quick math leads to a net benefit of $184.71
per user a one-year rate of return of 50X.” (Wombat Security Technologies)
3. Search the Web for examples of issue-specific security policies. What types of policies can you find? Using the format provided in this chapter, draft a simple issue specific policy that outlines fair and responsible use of computers at your college, based on the rules and regulations of your institution. Does your school have a similar policy? Does it contain all the elements listed in the text?
Statement: This policy addresses fair and responsible use of the
universities wireless local area network (WLAN) technologies. This includes but is not limited to hardware,
software and protocols associated with WLANs.
It is intended for authorized users within the university. Authorized users are defined as anyone.
Appropriate use: Use all technology provided by the university with care and no malicious intent
Violation of Policy: In the event of inappropriate use of WLAN technologies, the University reserves the right to take whatever steps are deemed appropriate for the specific situation including, but not limited to, Expulsion and/or legal action.
4. Use your library or the Web to find a reported natural disaster that occurred at least six months ago. From the news accounts, determine whether local or national officials had prepared disaster pans and if the plans were used. See if you can determine how the plans helped official improve disaster response. How do the plans help recovery?
provides a lot of helpful information to people residing in hurricane affected
areas. The information on this page is has included (Hurricane Basics, Basic
Preparedness tips, Preparing Your Home, Hurricane Watch, Hurricane warning, and
After Hurricane tips) www.fema.gov is a government
assistance program for people that have been affected or are planned to be
affected. FEMA has a coverage map for residents that may be eligible for
5. Classify each of the following occurrences as an incident or disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play.
a. A hacker breaks into the company network and deletes files from a server.
i. Incident: any business continuity plans would be to let the IT department take further action on who was responsible for the Incident, then respond with legal action whilst repairing the loss of data to the file system.
b. A fire breaks out in the storeroom and sets off sprinklers on that floor. Some computers are damaged but the fire is contained.
i. Incident: any business continuity plans would be in the hands of the fire department to find the source of the fire and inform the company about what to do to avoid future incidents.
c. A Tornado hits a local power station, and the company will be out of power for three to five days.
i. Disaster: The company is losing money from the loss of power due to electronics being down. They could be better prepared with backup generators and UPS’
d. Employees go on strike, and the company could be without critical workers for weeks.
i. Disaster: The companies work flows has dramatically decreased since the strike and people whom the company provides product to are disappointed in the companies’ slow work.
e. A disgruntled employee takes a critical server home, sneaking It out after hours.
i. Incident: This employee should be terminated as soon as possible and recovery of the server is a must along with the integrity of the data on that server.