1. Why is information security a management problem? What can management do that technology cannot?
Both general management and IT management are responsible for implementing information security to protect the ability of the organization to function.
Decision-makers in organizations must set policy and operate their organization in a manner that complies with the complex, shifting political legislation on the use of technology. Management is responsible for informed policy choices and the enforcement of decisions that affect applications and the IT infrastructures that support them. Management can also implement an effective information security program to protect the integrity and value of the organization’s data.
2. …
Networking is usually considered to have created more risk for businesses that use information technology. This is because potential attackers have more and readier access to these information systems once they have been networked, especially if they are connected to the Internet.
5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
When an attacker is able to control access to an asset, the asset can be held hostage to the attacker’s demands. For example, if an attacker is able to gain access to a set of data in a database and then encrypt that data, they may extort money or other value from the owner in exchange for sharing the encryption key so that the data can be used by the owner.
6. Why do employees constitute one of the greatest threats to information security?
Employees are the greatest threats since they are the closest to the organizational data and will have access by nature of their assignments. They are the ones who use it in everyday activities, and employee mistakes represent a very serious threat to the confidentiality, integrity, and