Notes and requests:
- All work should be your own – you’re free to use the text, your notes, or other research sources other than your classmates or other people. All sources must be cited. That means you should have a citation in every answer ... But if the source is the textbook, class discussion, or your own work experience, feel free to cite them that way, e.g. “(textbook)”, “(class discussion)”, or “(work experience)”. No need to go find a specific article or page number from the text.
- Grammar, punctuation, and spelling count for 20% of the total point value. Use spell check - don’t let points slip through your fingers! Answers should be in prose/paragraph form, not outlines. Exceptions: if a bullet list or table is a clear and convincing way to present part of an answer, that will be acceptable.
- Include the original question with your answer, so it’s clear which one you’re answering ☺.
1. You are responsible for managing elections in the United States. What concerns do you have about the perception of the election process, in terms of its information security? Describe the risks to each part of the CIA triangle
2. The Internet of Things (IoT) is a big topic of discussion among InfoSec professionals, with new risks created by connecting previously “dumb” devices to the Internet, not only for home use, but also for online security cameras, industrial sensors and controls, and other such things. Pick two examples of newly Internet-connected devices, and describe the potential risks that are created because of the Internet connection. Your answer can be in terms of personal risks (for consumer products) or business risks (because of workplace connections or other reasons). Feel free to use additional research resources. (2-3 paragraphs)
3. Consider a company like Facebook, which serves millions (billions?) of customers, and claims to require that each account be associated with exactly one person, and that the person must correctly identify themselves. Describe at least two approaches that might be used to uniquely and positively identify individuals before they sign up for an account (so that I can’t claim to be someone else, for example), and the data access required to make that happen. These could be online or human-assisted validation approaches. Comment briefly on the tradeoffs between your two approaches. (2-3 paragraphs)
4. Cloud computing, while not new, is gaining in visibility and popularity, both among consumers and businesses. How does using a cloud computing service affect an organization’s risk management? Name at least three aspects of cloud operations that make things easier for the InfoSec team, and three aspects that make things harder for the InfoSec team to be confident about their security management. Explain why.
5. Bring your own device, or BYOD, is a hot topic in the security industry. What are at least three areas of the information security practice that are affected by people bringing their own electronic devices into the workplace, and using them for work purposes? Identify the three areas, and comment briefly on how each is affected by BYOD.(2-3 paragraphs)
6. Think about home security – how we protect the physical and other assets in our homes. What are at least four layers of “defense in depth” in physical home security, and how do these compare and relate to their counterpart principles in information security? (2-3 paragraphs)
7. Consider the recent flurry of data leaks and breaches from large, formerly reputable companies (most recently, Yahoo!), which indicate that perhaps organizations continue to be more vulnerable than previously known. What (perhaps additional) risk control strategies might organizations utilize to mitigate the risk and damage of these events? How could disclosure, both of the breach itself, as well as details of how the breach happened, help to improve security for the Internet as a whole? (2-3 paragraphs)