1A) What are the general benefits of following the principle of Separation of duties for tasks?

1B) What are the benefits of following the principle of Separation of duties for performing backups?

1C) Identify and describe what sub tasks comprise the backup process. Clearly describe each sub task.

2A) A new version of the operating system is being planned for installation into your departments production environment. What sort of testing would you recommend is done before your department goes live with the new version? Identify each type of testing and describe what is tested. Explain the rationale for performing each type of testing.

2B) Would the amount of testing and types of testing to be done be different if you were installing a security patch instead of a new operating system version? Explain in detail your reasons?

2C) Would the amount of testing and types of testing to be done be different if you were installing an application patch instead of a new operating system version? Explain in detail your reasons?

2D) What sort of preparations would you make for an operating system upgrade on your home PC? Provide some detail.

The following is used for questions 3 and 4.

You are responsible for managing several PCs. You have asked your assistant to backup their work. The assistant indicates they need administrator privilege to perform the backup. He also says he will bring in a USB memory stick to backup their data to.

3A) What are your concerns with granting administrator privileges?

3B) What would you ask the assistant about this request for administrator privileges? Provide at least 3 questions you might ask and explain why you are asking them.

3C) What control principle would you be violating if administrator privileges are not needed and you grant them?

4A) What concerns do you have about the assistant bringing in a memory stick for backups?

4B) How would you determine if backing up to a memory stick is a reasonable and accepted approach?

Several files have been deleted on your system. It is not clear if this was the result of a malicious act or if it was accidental. The auditing mechanism may be able to help you determine what happened.

5A) What are you going to look for in the audit file? Provide at least 5 items you would look for in the audit file. Explain why you selected each item.

5B) Provide at least 3 items with reasons. What may it mean if the deleting of these file were not recorded in the audit log?

5C) What is the impact/cost of auditing events?

5D) What is the impact/cost of not auditing events?