1. What are the benefits of thinking of controls in terms of a layering approach?
2. Identify three examples of IT threats for each of the following exposures: disclosure, modification and destruction.
3. Choose an auditing instance concerning the physical security of an IT center and develop a brief control objective and an auditing objective for it.
4. You have just conducted a site visit to a data center and discovered that the main entrance had a card key entry system installed as a security feature. Unfortunately, the system was inoperable so the door was propped open with a piece of wood. Using the IIA audit findings template prepare an audit finding for your observed event.
5. Discuss why it might be impractical to have all operating systems in business rated for the equivalent of military trusted systems.
6. Discuss why the role of a database administrator in any large organization has both political and technical dimensions
7. Discuss the salient issues in permitting employees in business organizations access to social networking sites.