The Detailed Security Risk Analysis approach is believed to provide the most accurate evaluation

The Detailed Security Risk Analysis approach is believed to provide the most accurate evaluation (Stallings & Brown 2018: 490) of the security risks to an organization's IT systems, even though it comes at the highest cost. This approach has evolved alongside the development of trusted computer systems, which initially focused on protecting the confidentiality of information and reflected the military concern with information classification.

QUESTION 1

Provide a detailed exposition of the steps that must be followed in carrying out a Detailed Security Risk Analysis.

SECTION B

Answer ANY THREE (3) questions in this section.

QUESTION 2 

2.1 Articulate the difference between a security framework and a security blueprint (4 marks)

2.2 How does a security implementation methodology differ from a security framework? (4 marks)

2.3 There is no such thing as a one-size-fits-all approach to security, and each framework has its pros and cons. Critically analyze this statement. (12 marks)

QUESTION 3 

According to Stallings & Brown (2018: 466), the internet has evolved through roughly four generations of technological deployment, culminating in the IoT.

3.1 Identify and outline the four generations of technological deployment through the age of the internet right into the IoT, in their specific order, with relevant examples in each generation. (8 marks)

3.2 Identify and describe any four [4] key components of an IoT-enabled device. (12 marks)

QUESTION 4 (20 Marks)

4.1 Provide a detailed outline of the Vandalism or Sabotage threat category, how it might hurt an organization and finally suggest ways in which possibilities of such attacks may be mitigated. (6 marks)

4.2 A form of threat that has emerged in recent years is Information Extortion. Explain what Information Extortion is, providing an example of an instance of Information Extortion as well as an example of a type or category of Information Extortion. (6 marks)

4.3 You are the Information Security Consultant in your organization, which is in the middle of an extortion attack. The attacker is demanding a ransom. A very urgent meeting has been called in which you are expected to advise senior management on the steps to take in order to limit the damage and contain it at its current level before the process of recovery from the attack and the associated damage is initiated. Provide details of the step-wise recommendations that you would give to management in order to manage and nullify the attack.