Short answer Discussion questions

Disaster Recovery

IV You work at the XYZ Financial Bank, and a co-worker approaches you and states that the only safeguard controls the bank needs are physical controls. Based on what you have learned about safeguard controls, discuss whether you support your co-worker’s position or refute the claim that physical controls alone are enough. Defend your answer.

V Risk mitigation, which is part of the risk management plan, takes place once you have identified and analyzed your risks. Risk mitigation is identifying the strategies you are going to use to accept, avoid, share/reduce, or work around the identified and analyzed risks. Which of the seven domains do you think will be the easiest to identify, and which will be the hardest? Defend your answer.

Cybersecurity Law and Policy

IV A single point of failure is a huge issue and is to be prevented at all costs, especially when it comes to policies and documents, because those are critical to day-to-day operations. Communication is key, and it is vital that everyone is on the same page. One advantage that comes to mind when separating duties for a combined effort is that everyone can focus on one thing at a time and not be overwhelmed with so much at once. This will aid in empowering your team to achieve the objectives of the organization as well as making your employees specialists in their respective duties. Another advantage is accountability in the workplace. If someone doesn’t do their part in their duties, you can hold them accountable for not fulfilling their duty, or see if they are able to fulfill that duty so you can set them up for success with another duty if they aren’t able to fulfill that duty.

V Many organizations have policies and procedures in place regarding information systems and security. However, many of these policies are stored in locations not readily available to employees. What would be your approach to ensure all employees of the organization are fully aware of the policies to secure the organizational infrastructure along with practices accepted by the organization?