You are in charge of IT assets for a company. You are attending a meeting with your management to address questions and concerns around security for the organization. You are the featured presenter at the meeting. The meeting starts in a somewhat unstructured fashion and you are presented with the following questions.
You need to address these questions to some detail. Stay away from anecdotal comments and provide fact based narrative with examples.
You need to provide an answer for each of the 5 following questions. After you answer these questions you can move to the 2nd part of the presentation.
a. (12 points) We have never had an attack. Why are you so concerned now about a possible attack? Consider what changes have or are occurring in the IT world that raises your concern for an attack.
Answer:
b. (12 points) How would we determine what assets we have, what needs to be protected, and how to protect them? Provide some detail around the mechanics of each process.
Answer:
c. (12 points) I have heard we need a written security policy. Why would we need a written policy; what is in a policy that would support our need to have one? How often would we need to revise it? Who in the organization would need to be involved in this process?
Answer:
d. (12 points) What is the difference between an insider attack and an outsider attack? Provide details around the nature of the attack, what needs to be breached by an attacker for each attack and strategies for defending against each attack.
Answer:
e. (12 points) What is this zero trust approach to security that we keep hearing about? Provide examples of it.
Answer:
2. (40 points) You are in charge of the IT assets for your company. How do you make the case to your management that investing the time and money into malware protection is money well spent?
For this question you need to write an outline for a presentation you are going to make to management to persuade them to invest in malware protection. The approach to the presentation needs to be factually persuasive. In other words, you need to provide an outline that will demonstrate to management through empirical evidence, business acumen, technology trends and project planning why investing in malware protection makes sense.
The post In charge of IT assets for a company first appeared on COMPLIANT PAPERS.