Management And Info Security


Write between 600 to 800 words for each of the short-essay questions, no more than two (2) pages per question. All questions are of equal value. You should provide credible references for each question according to the Faculty of Business guidelines.

However, it is expected that answers to questions be succinct (i.e. precise and concise) with all sources of information fully referenced as per APA referencing style. See the CSU guide to APA at

Question 1 – (5 marks) The extended characteristics of principle if information security management are know as six Ps – planning, policy, programs, protection, people, and project management. Discuss and provide an example of each on how these principles could possible apply on current fast changing in organisations.

Question 2 – (5 marks) Describe top-down strategic planning. How does it differ from bottom-up strategic planning? Which is usually more effective in implementing security in a large, diverse organisation?

Question 3 – (5 marks) Discuss the purposes of unified continuity plan in information security management. Which types of organisation might use the various contingency planning components as separate plans? Why?

Question 4 – (5 marks) List and describe the three approaches to policy development presented in chapter 5. In your opinion, which is best suited for use by a smaller organisation and why? If the target organisation are very much larger, which approach would be superior and why?

Question 5 – (5 marks) a) How does training differ from education? Which is provided to the broader audience with regard to information security? b) Establish a list of priority when developing a security awareness program.

Question 6 – (5 marks) Search the Internet for the term security best practices. Compare your findings to the recommended practices outlined in the NIST documents.

Question 7 – (5 marks) a) Describe type of measures used for information security management measurement programs. b) Describe the recommended process for the development of information security measurement program implementation.

Question 8 – (5 marks) Using the data classified scheme presented in the chapter 8, identify and classify the information contained in your personal computer or personal digital assistant. Based on the potential of misuse or embarrassment, what information is confidential, sensitive but unclassified, or suitable for public release?

Question 9 – (5 marks) Using the Web, research the costs associated with the following items when implemented by a firm with 1000 employees and 50 servers (included virtual servers). • Managed antivirus software (not open source) licenses for 500 workstations • Cisco firewall (PIX and ASA or similar firewall devices) • Tripwire host-based IDS for 10 servers • Java programming continuing education training program for 10 employees • Checkpoint Firewall solutions.

Question 10 – (5 marks) Explain the key differences between symmetric and asymmetric encryption. Provide one software utility used in each encryption method. Which encryption method can computer process faster? Which lowers the cost associated with key management?


Rationale for question1 to 5

The rational for this assignment is for you to demonstrate your understanding of: • planning, policy, programs, protection, people, and project management in information security context; • the different of top-down and bottom-up security planning in diverse organisations; • unified continuity plan and usage in information security management; • information security policy development steps and procedures; • training and education programs and its purposes in information security; • how to develop a security awareness program.

Rationale question 6 to 10

This assessment item is designed to test your knowledge and understanding of some of the key ICT management and information security topics and issues.


Marking criteria

Marks will be awarded on the basis of the followings: • how well you can describe technical terms in formal way. • Including relevant diagrams, • completeness of your descriptions, • providing appropriate references, • logical flow of discussion, • spelling, grammar and English expression. • the degree to which you demonstrate your understanding of facts, principles and concepts; (Value: 70%) • 
grammar and presentation; (Value: 20%)
 • referencing. (Value: 10%)

Needs help with similar assignment?

We are available 24x7 to deliver the best services and assignment ready within 3-4 hours? Order a custom-written, plagiarism-free paper

Get Answer Over WhatsApp Order Paper Now