  • Computer Security Incident Response Policy: A Sample
  • Why should organizations update their BCP, BIA, RTOs, and RPOs?
  • How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?
  • Why is it critical to align the RTO and RPO standards within the policy definition itself?
  • Why is a policy definition required for a computer security incident response team?
  • Why is a post-mortem review of an incident the most important step in the incident response methodology?
  • How do an incident response plan and incident response team help reduce risks to the organization?
  • Why is it a good idea to include human resources on the incident response management team?
  • The Imitation Game: A Core Values Essay
  • Remote Access Policy: A Sample
  • Should an organization mention that it will be monitoring and logging remote access use in its remote access policy definition?
  • What security controls, monitoring, and logging should be enabled for remote VPN access and users?
  • Why is it a best practice of a remote access policy definition to require employees and users to fill in a separate VPN remote access authorization form?
  • What strategies can organizations implement to keep security awareness top of mind with all employees and authorized users?
  • What are some strategies for preventing users or employees from downloading and installing rogue applications and software found on the Internet?
  • When trying to combat software vulnerabilities in the workstation domain, what is needed most to deal with operating system, application, and other software installations?
  • How does a security awareness training policy impact an organization’s capability to mitigate risks, threats, and vulnerabilities?
  • An Analysis of the Systemic Security Weaknesses of the U.S. Navy Fleet Broadcast System, 1967-1974, as Exploited by CWO John Walker
  • The Devin Nunes memo to the House Permanent Select Committee on Intelligence
  • Ethical Computer Use Policy
  • Lone Star Credit Union: A Separation of Duties Case Project
  • Why is it important for an organization to have a policy definition for business continuity and disaster recovery?
  • Why the seven domains of a typical IT infrastructure help organizations align to separation of duties
  • When using a layered security approach to system administration, who would have the highest access privileges?
  • Why do you want to refer to technical standards in a policy definition document?
  • How does separation of duties throughout an IT infrastructure mitigate risk for an organization?
  • Policies for the seven domains of a typical IT infrastructure
  • Sale of the Japanese Coast Guard Boat (Takachiho): A Case Study
  • New Hampshire Security Breach Notifications
  • Information Classification: Who, Why, and How
  • Is the COBIT framework superior to the other standards and frameworks such as the ISO 27000 and NIST?
  • What are the key benefits of NIST SP 800-53 Revision 4?
  • Why should an organization have annual security awareness training that includes an overview of the organization’s policies?
  • What security controls can be implemented on your e-mail system to help prevent rogue or malicious software disguised as URL links or e-mail attachments from attacking the workstation domain? What kind of policy definition should you use?
  • Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees?
  • What is the purpose of defining a framework for IT security policies?
  • Computer Incident Response Team (CIRT)
  • The Chinese Wall Security Policy
  • Specialty Medical Clinic: A HIPAA Case Project
  • How do you overcome employee apathy toward policy compliance?
  • What is difficult about policy implementation in a flat organization? What is difficult about policy implementation in a hierarchical organization?
  • Do employee personality types differ between hierarchical and flat organizations?
  • Do employees behave differently in a flat versus a hierarchical organizational structure? Explain your answer.
  • Organizational Information Security
  • What security controls can be deployed to monitor users that are potentially in violation of an AUP?
  • Why must an organization have an acceptable use policy (AUP) even for non-employees, such as contractors, consultants, and other third parties?
  • Why does an organization want to align its policies with the existing compliance requirements?
  • Will the AUP apply to all levels of the organization? Why or why not?
  • Why is an Acceptable Use Policy not a fail-safe means of mitigating risks and threats with the user domain?
  • Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?
  • Can Internet use and e-mail use be covered in an acceptable use policy?
  • Why do organizations have acceptable use policies (AUPs)?
  • What are three risks and threats of the user domain?
  • Why Do Organizations Need Security Policies?