Scenario 1: The Very Busy Computer Media and Storage Administrator

John has been with Dynamic Software for five years. In that time, he has become the go-to person for system backups and computer media for the critical operating and application software for the company. He manages the computer media library and is responsible for making sure all system backups are completed accurately with at least three generations of backups at any one time. The library has about 700 items, and John is quick on responding to requests for software media or for backup media. John handles the whole operation himself and knows where everything is in the library. If you need something, just call John. State five security principles or practices based upon the ISC2 Study modules that this operation violates and the possible consequences for the organization. State five countermeasures that you would employ to improve the security of this operation and how those measures would be effective.

Scenario 2: What is in the closet? Mary is an Information Security Officer at a USB drive manufacturing plant. In her first week on the job, she is doing a security survey of the plant. She notices that several utility closets do not have locks. The closets house telecommunications lines and power lines for the plant. She reports this situation to her CSO. He states that if the server and sever rack rooms have locks, things are fine. Maintenance people need easy access to the utility closets. Mary doesn't agree and decides to write up a memo for discussion at the next plant Security Committee meeting. How do the unlocked closets affect Confidentiality, Integrity, and Availability? Give a specific problem for each. Besides supplying locks for the utility closets, identify two other physical security controls that you would recommend. How would they be effective?

Scenario 3: Who do you trust? Review the Zero Trust section in Bob's PowerPoint and compare it to the slide "Network Security - Types of Devices." Explain measures you would take to enforce zero trust at each of the eight layers of the network.

Scenario 4: Data Handling

Carl the CSO of Diversified Data Analytics is holding an in-house conference on Data Handling methods for the Information Security Staff. His two main concerns are preventing proprietary data from leaving a secured zone without authorization and ensuring that there is a dependable method of reporting, storing, and disseminating security incidents among staff. Given that the Six Phases of Data Handling are:

Plan and Design Collect and Create Analyze and Collaborate Evaluate and Archive Share and Disseminate Publish and Reuse Explain what actions you recommend in each phase to achieve the two objectives.

Scenario 5: Incident Response Devise an incident response plan for a power loss lasting more than one hour on the production line of the USB manufacturing plant. In your plan consider more than just getting power restored. What are some of the information security concerns that could occur with this loss of availability?