Saintleo COM590 Module 3 Assignment Latest 2019 JUNE Question # 00602343 Subject: Education Due on: 06/21/2019 Posted On: 06/21/2019 05:16 AM Tutorials: 1 Rating: 5.0/5

COM590 Strategic Planning Cybersecurity

Module 3 Assignment

Answer all
Eight (8) questions.

• Submission Requirements

? All sentences must be grammatically
correct, and free from spelling errors.

? Your answer for each question
should not exceed 250 words.

? Submit a Single Microsoft Word
Document.

? Font: Times New Roman, Size 12,
Double-Space.

? Cite all references used in APA
format.

1. What is the purpose of defining a
framework for IT security policies?

2. Why should an organization have a
remote access policy even if it already has an acceptable use policy (AUP) for
employees?

3. What security controls can be
implemented on your e-mail system to help prevent rogue or malicious software
disguised as URL links or e-mail attachments from attacking the workstation
domain? What kind of policy definition should you use?

4. Why should an organization have
annual security awareness training that includes an overview of the
organization’s policies?

5. Consider the following real world
situation:

A retired
Japanese Coast Guard boat (Takachiho) was sold to a pro-North Korean
organization without having assurances that navigational data was deleted. The
decommissioned patrol boat could have had as many as 6,000 locations recorded
over the 250 days of use. The boat was presumably sold to be turned into scrap.
Weapons and radio equipment were removed, but no procedures were in place to
ensure that navigational data was securely deleted. It is unknown if
navigational data were recovered from vessels disposed of through past sales
(Muncaster, 2013).

a. Why was the navigational data on the
Japanese Coast Guard vessel not securely deleted?

b. How could the lost navigational data
compromise national security?

c. How could the Japanese Coast Guard
write an effective data disposal policy?

d. Is a self-assessment of effective
security policy a good predictor of actual security? Why or why not?

6. What is meant by Governance
Framework? Why is ISO 27000 certification more attractive to companies than
COSO or COBIT certification?

7. Locate and read NIST SP 800-53
Revision 4. What are the key benefits of this standard?

8. In your opinion, is the COBIT
framework superior to the other standards and frameworks such as the ISO 27000
and NIST? Why or Why not?

References

Muncaster,
P. (2013, April). Japan forgot data wipe on ship sold to Pyongyang. Retrieved
September 18,

2014, from
http://www.theregister.co.uk/2013/04/29/japan_coast_guard_forgets_wipe_data_norks/