Exercise Chapter 15

Exercise Chapter 15
1. Your organization is performing an evaluation of security tools to be used to
provide protection for your company intranet from unauthorized use by
employees and outside intruders. Write a list of evaluation criteria for security
software and hardware to be used, including client software, server software,
network software, and firewall hardware and software.
2. You have been asked to audit your company security plan as it applies to
acceptable employee use of the internet and email. Write a preliminary audit plan;
include scope, objectives and audit steps.
3. Your organization has recently developed criteria for a risk management program.
One goal of the program is to determine the adequacy and effectiveness of the
company IT insurance coverage. Describe how an effective risk management
program can enable a more cost effective use of IT insurance.