7CCSMSEM
Security Management
Tutorial Week 8 Recall GANT from previous tutorials:
Question 1. The officers of GANT have decided that they need to establish a better means for information security. They are convinced they need to buy security products to achieve that (e.g. anti-virus). However, they seem to think that information security can be achieved just by using these products. What other types of security controls you would suggest GANT should look at? For each type, give one example.
Question 2. GANT has recently acquired a new computer to store the digital data they hold about members and Toad populations. As a result, they are going to decommission the previous computer they are using. They would like to also make sure that the data in the computer is deleted. Discuss at least two methods you could use for that?
Question 3. Due to a recent breach, GANT are more and more concerned about their security, and given your explanations in Question 1, they are very aware that procedural aspects may play a role to make GANT more secure. As such, they have come up with the brilliant idea to start monitoring all actions of GANT employees so that they could see whether they follow the procedures. They approached you to give advice on how to do this. What would be your advice?
Question 4. GANT is considering using a cloud provider to increase availability. What is cloud computing? Why is it useful? What are the security risks if the organisation relies on cloud computing for their infrastructure?