Information Security Assignment
Directions: Answer all 4 activity questions and cite sources in APA format. (References should be separate for each activity, not combined.)
1) Please read the following document, University of Nebraska Breach.doc, which discusses a security breach at one of the country’s largest universities. Discuss the ramifications of the event, the vulnerabilities that might have been exploited, the regulatory and compliance issues associated with the event, and what, if you were the CISO, your recommended course or courses of action would be to ensure this type of incident does not happen in the future.
2) Please read Microsoft’s Threat Model Analysis, http://msdn.microsoft.com/en-us/library/aa561499.aspx.
Now, describe what you learned. How could you use this model to help improve cyber security in an organization? Please discuss in detail.
3) As you are aware, there are a number of government regulations that affect both the public and private sectors. Please read Learn the Science of Compliance.pdf. The author makes a strong case for centralized management of IT compliance and the use of software tools to assist in managing compliance programs.
You are the CISO of a large private financial company that is traded on the NY Stock Exchange. You were tasked by the CIO to develop an IT compliance management program for your organization. What approach would you take to develop such a program? What regulations impact the organization? Would you consider the use of a compliance tool? If so, which one, and how would you justify the expense?
4) Read the Wachovia Case Study located here, http://gilbane.com/case_studies_pdf/CTW_Wachovia_Final.pdf#_Toc88022904.
Now, select five of the most important concepts you identified that contributed to the success of the integration of IT capabilities. Explain why you chose each one.