***PLEASE ANSWER ALL OF THE FOLLOWING, THANK YOU.

1. What is risk management? Why is the identification of risks, by listing assets and their vulnerabilities, so important to the risk management process?

2. Briefly describe management, operational, and technical controls, and explain when each would be applied as part of a security framework.

3. Classify each of the following occurrences as an incident or disaster and explain why. If an occurrence is a disaster, determine whether or not business continuity plans would be called into play.

a) A hacker gets into the network and deletes files from a server. b) A fire breaks out in the storeroom and sets off sprinklers on that floor. Some computers are damaged, but the fire is contained. c) A tornado hits a local power company, and the company will be without power for three to five days. d) Employees go on strike, and the company could be without critical workers for weeks. e) A disgruntled employee takes a critical server home, sneaking it out after hours.

4. What is contingency planning? How is it different from routine management planning? What are the components of contingency planning?

5. Numerous companies in financial, health care, higher education etc. are breached by attackers each year. In December 2013, Target discovered that its network had been compromised resulting in the second largest data breach in history impacting millions of customers. Subsequent investigations have revealed that additional organizations were targeted with similar attacks during the holiday season. In early January 2014, social media applications Snapchat and Skype were also impacted by a data breach. These companies obviously have firewalls in place, but traffic on untrusted networks (public) are required for these companies to conduct regular business activities including Email, ecommerce and EDI for credit card transactions etc. Name and describe at least three additional security resources (aside from anti-virus software) that may have helped reduce the risk from outside attacks for these companies.