Question 1

Search online for the security policy of an organization or company.

Evaluate that security policy:

How well does it cover the objectives and content of information security policy presented in the course:

What's good? What needs to be developed, what is missing? What questions arose?

What picture does the information security policy give of the level of information security and information security operations of the company/organization?

What things increased confidence in the level of information security

Was there something that reduced trust in the level of security

Add a link to the security policy used in your response.

Question 2

The company has conducted an information security audit of its information systems and identified the integrity of customer and financial data files as an object to be protected..

Make a risk analysis for that vulnerability and consider at least two possible threats/risks. The risk analysis should include the following steps: risk identification, risk analysis, risk evaluation. Include also the recommendations for the risk treatment.

You can apply the example of risk assessment report table presented in the lecture for the answer (the method of presentation can be other than a table).