Tutorial/Practical 2 (Week 3) – CP3302/CP5603
Remarks:
• This tutorial/practical consists of some tutorial-type questions that are chosen from ‘Review Questions’ in Chapters 2 and 3 of the textbook, as well as some practical-type questions that are chosen from: Michael E. Whitman and Herbert J. Mattord, Hands-On Information Security Lab Manual, (third edition), Course Technology, Cengage Learning, USA, 2011.
• This tutorial/practical may not be completed in the scheduled practical session for this subject. So you are strongly recommended to complete it in your own time (note that students are expected to work 10 hours per week on this subject, including 3 hours of contact time).
• Due to security issues, you may not be allowed to practise all commands and programs of the practical-type questions with the university’s computers. So, interested students are encouraged to do this section on their own computers (if available). You will not be assessed for utilities/commands that cannot be practised on university computers.
1. (Review Question 1 – Chapter 2) Why is information security a management problem? What can management do that technology cannot?
2. (Review Question 2 – Chapter 2) Why is data the most important asset an organization possesses? What other assets in the organization require protection?
3. (Review Question 3 – Chapter 2) Which management groups are responsible for implementing information security to protect the organization’s ability to function?
4. (Review Question 5 – Chapter 2) What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
5. (Review Question 6 – Chapter 2) Why do employees constitute one of the greatest threats to information security?
6. (Review Question 7 – Chapter 2) What measures can individuals take to protect against shoulder surfing?