Uploaded by Dantes Martinez Ramirez

MartinezCweek1


Chapter 1 Review pp.58-60:
Questions # 3, 5, 6, 9, 10, 12, 13, 15, and 18
3.
The CIA triad is an industry standard because industries always hold some vital information that cannot be shared with external sources. Standards and codes are therefore established for delivering the message to other persons, and following a protocol helps in the productive distribution of the information. The main components of CIA are Policy, Education, Technology, Storage, Processing and Transmission.
Some further components are:
Privacy - the information will be used in different ways, and that use must be approved by the person who provides it. It is necessary to protect the data by standardizing the policies of the organization.
Identification - the system should recognize the person who is using it, for safety purposes. Every person should have their own login and password for using the information. This helps secure the information according to the requirements of the personnel.
5. The information that is collected, used and stored by the organization must be used only for the purpose stated by its data owner at the time of collection.
Privacy not only means observation of one's data; it can also mean that the information provided is kept secure for the person who provided it.
Nowadays people take an active part in securing their personal data and also look to the government for help in protecting it.
6. Identification: It protects against unauthorized access to the information system by various means, such as asking for a user ID or password. It is the first stage, in which the system checks for authorized users.
Authentication: It takes place when a control system confirms that a user possesses the identity that he or she claims.
Authorization: After a user is authenticated, the authorization process ensures that the user has been permitted by the proper authority to access, add or delete the information.
Accountability: The person who made the change in the information is the one who is responsible for the action.
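An added example (not part of the original assignment) that walks a request through the four stages described above: identification (is the user ID known?), authentication (does the salted PBKDF2 hash of the supplied password match?), authorization (does this user hold the permission?) and accountability (every attempt, allowed or denied, is written to an audit log). The user store, salts and passwords are constructed sample values.

```python
import hashlib
import hmac
from datetime import datetime, timezone


def _hash_pw(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked store cannot be reversed quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: user ID -> salt, password hash, permission set.
_SALT_ALICE = b"constructed-salt-1"
_SALT_BOB = b"constructed-salt-2"
USERS = {
    "alice": {"salt": _SALT_ALICE, "hash": _hash_pw("correct horse", _SALT_ALICE),
              "perms": {"read", "add", "delete"}},
    "bob": {"salt": _SALT_BOB, "hash": _hash_pw("battery staple", _SALT_BOB),
            "perms": {"read"}},
}

# Accountability: an append-only record of who attempted what, when, and the outcome.
AUDIT_LOG: list[dict] = []


def _record(user: str, action: str, outcome: str) -> None:
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(),
                      "user": user, "action": action, "outcome": outcome})


def identify(user_id: str) -> bool:
    """Stage 1, identification: is this a known user ID at all?"""
    return user_id in USERS


def authenticate(user_id: str, password: str) -> bool:
    """Stage 2, authentication: does the supplied secret match the stored one?"""
    if not identify(user_id):
        _record(user_id, "login", "unknown-user")
        return False
    rec = USERS[user_id]
    # Constant-time comparison so timing does not leak how many bytes matched.
    ok = hmac.compare_digest(_hash_pw(password, rec["salt"]), rec["hash"])
    _record(user_id, "login", "success" if ok else "bad-password")
    return ok


def authorize(user_id: str, action: str) -> bool:
    """Stage 3, authorization: is the authenticated user allowed this action?"""
    allowed = action in USERS.get(user_id, {}).get("perms", set())
    _record(user_id, action, "allowed" if allowed else "denied")
    return allowed


def request(user_id: str, password: str, action: str) -> bool:
    """Full flow: the request succeeds only if every stage passes; every attempt is logged."""
    return authenticate(user_id, password) and authorize(user_id, action)
```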
9. Types of malware are viruses, worms, Trojan horses, logic bombs and back doors.
A computer virus is a segment of code that inserts itself into other programs in order to perform actions.
Worms are malicious software that replicates itself continuously without requiring another program to provide an environment for replication.
A Trojan horse releases viruses or worms on the local workstation.
10. Ransomware is a kind of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
- Back up your information
The single greatest thing that will defeat ransomware is having a regularly updated backup. If you are attacked with ransomware you may lose the file you began earlier today, but if you can restore your system to a prior snapshot, or clean up your machine and restore your other lost documents from backup, you can breathe a sigh of relief.
12. Technological obsolescence is a security threat brought about by management's potential lack of planning and failure to anticipate the technology required for evolving business requirements. Technological obsolescence occurs when the infrastructure becomes outdated, which leads to unreliable and untrustworthy systems. Therefore, there is a risk of loss of information integrity from attacks. It can be protected against through proper planning by management. As outdated technologies are discovered, they should be replaced. Information technology should help management identify possible obsolescence.
13. It absolutely has value, as it is the output and result of the creativity and innovation of the organization's personnel. It may even have involved the organization's resources; hence it is owned by the organization and must be used for the organization's purposes in all respects.
The value can be threatened by attackers in the following ways:
- The organization's IP may include its unique set of identifiers and trademarks, which, once stolen, could be delivered to competitors, creating a great loss.
- There is a greater chance of blackmail of the business by hackers who gained access to it and who can at the same time deny access to the authorized users.
- It is a great economic loss to the value that the organization gained over a period of time.
- Thus, IP is highly essential and the greatest asset of the organization.
15. A denial-of-service attack
It means that the attacker sends a large number of data or information requests to the target. This occurs when a stream of requests is launched, coordinated in nature. This attack is launched against the target from a large number of locations during the same period.
A distributed denial-of-service attack
This attack is more harmful and dangerous in nature. In this, systems get compromised and are then used as zombies to carry out the denial-of-service attack, which is directed against a single target. Such attacks are difficult in nature, and it is impossible to defend against them. Companies don't have any control over it.
DoS attackers are known as a single user who sends a large number of connections. DDoS means there is a large number of users. DDoS is more dangerous than DoS because in DDoS we can't block the larger number of users to solve the problem.
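An added example (not part of the original assignment) that makes the single-source versus many-source distinction above concrete on the defender's side: it buckets a constructed connection log into 10-second windows and labels a window "dos" when one source alone exceeds a per-source limit (so blocking that address helps) or "ddos" when the total exceeds a limit while no single source does (so there is no one address to block). The thresholds and IP addresses are assumed sample values.

```python
from collections import Counter, defaultdict

# Constructed connection log: (timestamp in seconds, source IP). Not from a real capture.
# Window 0-9 s: one source sends 300 requests (DoS).
# Window 10-19 s: 60 sources send 2 requests each (DDoS).
# Window 20-29 s: a single quiet client (normal).
SAMPLE_LOG = [(t, "10.0.0.7") for t in range(0, 10) for _ in range(30)]
SAMPLE_LOG += [(10 + (i % 10), f"198.51.100.{i}") for i in range(60) for _ in range(2)]
SAMPLE_LOG += [(20 + t, "203.0.113.5") for t in range(5)]

PER_SOURCE_LIMIT = 100   # requests per window from one IP before we call it a flood
TOTAL_LIMIT = 100        # requests per window overall before we call it a flood
WINDOW = 10              # window length in seconds


def classify_windows(log):
    """Bucket the log into fixed windows and label each as normal, dos or ddos.

    Returns {window_index: (label, sources)} where sources is the single IP to
    block for a dos window, or the full list of contributing IPs for a ddos window.
    """
    per_window = defaultdict(Counter)
    for ts, src in log:
        per_window[ts // WINDOW][src] += 1

    result = {}
    for w, counts in sorted(per_window.items()):
        total = sum(counts.values())
        top_src, top_n = counts.most_common(1)[0]
        if top_n > PER_SOURCE_LIMIT:
            # One address carries the flood: a per-source block is effective.
            result[w] = ("dos", [top_src])
        elif total > TOTAL_LIMIT:
            # Aggregate is a flood but every source stays under the per-source
            # limit: this is the case the text describes where blocking
            # individual users does not solve the problem.
            result[w] = ("ddos", sorted(counts))
        else:
            result[w] = ("normal", [])
    return result
```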
18. Leadership and management are similar in nature, but their functions and roles in the organisation are different.
Leadership provides purpose and direction and motivates the organisation's employees so that they achieve the objectives of the organisation.
The management is the highest authority of the organization; it makes the rules and regulations, and the ultimate decision-making authority rests with it. Other members of the organization have to follow the rules of the management to complete their targets.
If employees don't follow the rules and regulations of the management, then the leader can guide them and help them achieve the goals of the company.
Managers are appointed by the management. By properly interviewing the manager, the management hires the person, who plays a vital role in the success of the organization's objectives.
The leader in a company, whether formal or informal, helps the employees achieve their targets, whereas managers don't provide any leadership rules to the company's employees.

Exercises # 4 and 5
4. This led to the invention of electronic devices like blue boxes, red boxes and black boxes, which helped hackers access a network and make free phone calls. Security administrators can benefit from "The Official Phreaker's Manual" by using the knowledge given in the manual to protect their own communication systems.
5. The site given in the question basically deals with the reduction of security risks present within various environments such as healthcare, education, sensitive infrastructure and entertainment.

Chapter 2 Review pp.118-120:
Questions # 1, 2, 4, 10, 11, 16 and 17
1. The three general categories of unethical and illegal behavior are:
- Ignorance
- Accident
- Intent
2. "Deterrence" is the best method for preventing illegal or unethical behavior.
4. The Information Systems Audit and Control Association (ISACA) is the professional organization that is focused on auditing and control.
10. The USA PATRIOT Act was first enacted in 2001 as an instrument to provide the United States with a way to investigate and respond to the 9/11 attacks on the New York World Trade Center. It was amended by the USA PATRIOT Improvement and Reauthorization Act of 2005, which became law in 2006. Some aspects of the law have been updated as recently as 2015.
11. In the context of information security, privacy is an individual's right to guard personal information from unauthorized use. It is also defined as the "state of being free from unsanctioned intrusion," which means that information can be gathered and used only if the individual providing the information agrees to the manner in which it will be used.
16. A policy is a formalized description of acceptable and unacceptable employee behavior which, when properly defined and enforced, functions the same way as laws within the organization.
Unlike the law, however, ignorance is an acceptable defense, so steps must be taken to ensure that the policy is communicated, understood and accepted by employees.
17. Due care is an organization taking measures to ensure that each employee understands what is acceptable and what is not, and that each employee knows the consequences of illegal or unethical actions. In its standard course of operations, an organization uses due care to protect itself against liability resulting from illegal or unethical actions by any employee.
Exercises # 1, 2 and 4
1. CISSP stands for Certified Information Systems Security Professional. It is a certification in the information security area. It essentially centers on training and certification for cyber-security, information security, software security and systems security professionals.
2. Computer Science and Electrical Engineering
4. The border surveillance bill is the government bill that would drastically expand dragnet biometric and other surveillance of U.S. residents and foreigners alike, near and at the U.S. border.

Chapter 3 Review pp.165-167:
Questions # 2, 3, 4, 5, 6, 10, 12, 14, and 19
2.
1. Tactical Planning
2. Strategic Planning
3. Operational Planning
3.
The stakeholders are part of the Organization; they have a stake in it and are therefore much interested in the goal of the planning.
4.
Values Statement: It expresses the commitment, honesty, integrity and social responsibility that the organization holds among its responsibilities, and its commitment to providing its services in harmony with the organization.
Vision Statement: It focuses on the future goal of the company and on what the company actually needs to improve.
Mission Statement: It is an action-based statement of the organization. It also tells the purpose of the company and how it serves its customers.
5.
Strategy is the process of achieving specific objectives in an organization. It also provides an effective information service at minimal cost in support of the highest quality.
6.
InfoSec governance: It is a strategic planning responsibility.
10.
Security convergence is the process of combining the two security functions, physical and logical, which provides the security resources for the organization.
12.
System development life cycle (SDLC): It is a methodology for the design and implementation of an information system.
14.
Primary objective of the SecSDLC: identification of specific threats and the risks that they represent, as well as the subsequent design and implementation of specific controls to counter those threats and manage the risk.
19.
CSO: It is responsible for the protection of all physical and information resources within the organization.
Exercises # 2, 5 and 6
2.
Examples of Values statements:
1. Values statement of Bayer: "We are committed to operating sustainably and addressing our social and ethical responsibilities as a corporate citizen. Our Bayer values of Leadership, Integrity, Flexibility and Efficiency - represented by the acronym LIFE - guide our actions as we work to accomplish our mission 'Bayer: Science for a Better Life.'"
2. Values statement of McDonald's: "We place the customer experience at the core of all we do. We are committed to our people. We believe in the McDonald's System. We operate our business ethically. We give back to our communities. We grow our business profitably. We strive continually to improve."
3. Values statement of Merck: "At Merck, we do business on the basis of common values. Our success is based on courage, achievement, responsibility, respect, integrity and transparency."
4. Values statement of Whole Foods Market: "We sell the highest quality natural and organic products available. We satisfy, delight and nourish our customers. We support team member happiness and excellence. We serve and support our local and global communities. We practice and advance environmental stewardship. We create ongoing win-win partnerships with our suppliers. We promote the health of our stakeholders through healthy eating education."
5. Values statement of IBM: "Dedication to every client's success, innovation that matters for our company and for the world, and trust and personal responsibility in all relationships."
Examples of Vision statements:
1. Vision statement of Avon: "To be the company that best understands and satisfies the product, service and self-fulfillment needs of women globally."
2. Vision statement of the Coca-Cola Company: "The framework for our Roadmap, which guides every aspect of our business by describing what we need to accomplish in order to continue achieving sustainable, quality growth."
3. Vision statement of AT&T: "To design and create in this decade the new global network, processes, and service platforms that maximize automation, allowing for a reallocation of human resources to more complex and productive work."
4. Vision statement of Toyota: "Toyota will lead the way to the future of mobility, enriching lives around the world with the safest and most responsible ways of moving people. Through our commitment to quality, constant innovation and respect for the planet, we aim to exceed expectations and be rewarded with a smile. We will meet our challenging goals by engaging the talent and passion of people, who believe there is always a better way."
5. Vision statement of Infosys International Inc.: "To help our clients meet their goals through our people, services and solutions."
Examples of Mission statements:
1. Mission statement of Bayer: "Bayer is a global enterprise with core competencies in the fields of health care, agriculture and high-tech polymer materials. As an innovation company, we set trends in research-intensive areas. Our products and services are designed to benefit people and improve their quality of life. At the same time we aim to create value through innovation, growth and high earning power."
2. Mission statement of Starbucks Coffee Company: "To inspire and nurture the human spirit - one person, one cup and one neighborhood at a time."
3. Mission statement of Merck: "Our aspiration is to make great things happen. With our research-driven specialty businesses, we help patients, customers, partners and the communities in which we operate around the world to live a better life. We achieve entrepreneurial success through innovation."
4. Mission statement of McDonald's: "McDonald's brand mission is to be our customers' favorite place and way to eat and drink. Our worldwide operations are aligned around a global strategy called the Plan to Win, which centers on an exceptional customer experience - People, Products, Place, Price and Promotion. We are committed to continuously improving our operations and enhancing our customers' experience."
5. Mission statement of Avon: "Avon's mission is focused on six core aspirations the company continually strives to achieve: Leader in global beauty, Women's choice for buying, Premier direct-selling company, Most admired company, Best place to work, To have the largest foundation dedicated to women's causes."
Publicly declared organizational strategies:
The Coca-Cola Company follows a focus strategy. It means the company focuses on the market, in the sense that it will:
- Focus on the needs of consumers, customers and franchise partners
- Get out into the market and listen, observe and learn
- Possess a world view
- Focus on execution in the marketplace every day
- Be insatiably curious
Merck focuses on an expansion strategy. The company aims at further expansion and a strong market position in the long term. Merck also intends to further expand its market leadership in fertility by leveraging its complete portfolio of products and life cycle management activities, and by capturing growth opportunities in emerging markets.
McDonald's has followed a leadership strategy to re-ignite its business through a fast and convenient campaign, a radical adjustment of the company's product portfolio to meet emerging food industry trends, and the refurbishing of McDonald's restaurants to achieve a branded, updated and more natural dining environment.
According to Walmart's blog, there are three generic business strategies: the Focus strategy, the Differentiation strategy and Overall Cost Leadership.
5.
Converged Enterprise Risk Management:
- The convergence of information technology security and ERM, which includes the information related to IT security.
- The convergence of physical and information security in the context of ERM, which includes the integration of the different security management functions with the company's ERM; this helps define a converged approach to security in managing ERM.
- Corporate security and ERM, which defines the business objectives, risks and threats related to the company.
It requires awareness of operational processes and of relevant safety data, techniques and strategies; thorough risk analysis activities and documentation of hazards, risk consequences and mitigation strategies (risk controls); and the ability to spot threats in the operational environment (identify) and then document any new hazards.
6.
- Risk anticipation and mitigation: a key perspective on enterprise risk across all threat vectors and critical business processes; coordinated risk intelligence and identification, with integrated management of mitigation procedures.
- Extended capabilities: shared goals and regard for generalist skills, to support the drive for the broader perspective and a connected strategy.
- Formalized risk and performance indicators, to drive ownership and accountability for results.
- Operational excellence: superior performance and proven practices in prevention, detection, response, mitigation and recovery, to build credibility and influence.
- Qualitative, meaningful reporting and communication: root-cause control and risk information keyed to business strategy, and engagement in the Board's overall risk position and appetite.