An organization is changing the way it works. For the past ten years, the organization has operated out of a downtown office, and all employees were expected to report onsite for work. Because of the increased costs of real estate, the executive management has identified substantial savings if all employees worked remotely from their homes and the organization maintained only a small office for meetings and executives downtown. The organization has never allowed outside access to its networks and has never allowed equipment off-premises prior to this change. Now employees are being issued laptops, tablets, and smartphones to do their work. What preventive information assurance controls and tools should the organization be concerned with as part of this change?
The CIO of an organization is trying to prioritize the information assurance workload of the organization. The CIO has asked the CISO to take vulnerability scanner output and add it to the organization’s dashboard. The CIO then tasks the organization’s system owners to correct the most “critical” vulnerabilities first. Is this the most prudent plan to minimize risk in the organization?
An organization is struggling. After years of investing in research and development, a competitor appears to have stolen design documents for the organization’s flagship product. The organization’s CISO has been asked to give a presentation to the board regarding the best metrics to monitor to prevent information leakage in the future. What information assurance metrics should the CISO propose?
Why should information assurance place such an emphasis on crisis management and business continuity when disaster recovery is an IT function?
How can organizations ensure their backup information is protected and the integrity of the backup is assured?