IT Security and Risk Management
NMIMS Solution June 2020
1. There has been a recent online breach of system security in a Government organization. As a system administrator with the organization, you have been tasked with implementing an information security and assessment process within the organization. Please enumerate the process you are going to follow to offer robust information security to both the users and management.
2. Staving off critical threats in the current cyber security landscape is a tall order for organizations of any size. When a security breach happens, questions will be raised: Did the shortage of skilled cyber security personnel play a part? Was it down to pure negligence? It would be impossible to say for sure. However, what we do know is that a general lack of capabilities in detection and response is putting organizations across the globe at risk. This can show up in an organization not being able to detect malicious activities fast enough, thereby allowing threat actors to incur significant damage, or not having enough granular information to stamp out such activities from its environment. What are the steps or techniques that an assessor should adopt to ensure successful implementation while formulating a report on the information security assessment process?
3. As the coronavirus spreads, colleges are scrambling to respond to potential health-care crises, campus closures, and other issues that are arising and evolving on a daily basis. A major challenge: How can institutions continue to offer instruction if they decide to close or cancel in-person classes? A growing number are moving classes online as a short-term solution. A university wants to implement an access control system for its physical and virtual network. Once the access control is implemented, the university is looking towards a regular monitoring framework for its network so that its network is protected against malicious attacks. As the IT head for the university, please suggest:
a. An integrated access control framework for the university so that the access to system, physical and virtual resources can be controlled.
b. A monitoring framework for the university so that its network is monitored and its knowledge assets and sensitive intellectual property information can be secured.