Information security legal issues discussion

1. “Policies, Standards, Procedures, and Guidelines” Please respond to the following:

This week you studied policies, standards, procedures and guidelines. If you were the project leader at a small company being spun off from a larger company, how would you tackle the task of adapting the parent company's information security policies for the new company? What are some of your greatest concerns? Which rules are you likely to keep, and which won't really apply? Remember to keep a balance: you don't want employees so locked down by rules that they can't do their jobs efficiently.

2. “Risk Assessment and Incident Response Teams” Please respond to the following:

Your medium-sized company has recently expanded funding for the IT department and is adding dedicated specialists to “Risk Assessment” and “Incident Response” teams. You’re helping with the organization of the new structure. What kind of certifications and education are you going to be looking for when assigning existing team members and new hires to these teams? How are you going to describe their jobs to them? Should these teams work together, or be independent of one another? Why? What should be the first projects each should undertake in your opinion, based on this week’s study?

3. “Computer Forensics Process” Please respond to the following:

The computer forensics investigative process includes five steps: Identification, Preservation, Collection, Examination, and Presentation. When a breach has occurred in a medium to large-sized company, cybersecurity experts, and sometimes forensics specialists, will investigate using this process. In a small company, it's likely that the IT staff will have multiple roles, but what about larger companies? Should the experts who do penetration testing or maintain the security defenses be involved in the forensics investigation after a breach? What are some pros and cons you can see in having many people examining the breach?

