week 2 homework 2

  1. You have been asked by the CIO to explain the Pros and Cons of placement of IT Security within the IT Department or to place IT Security outside the IT Department within the organization. (Do not consider outsourcing IT Security in this situation).
    1. List the Pros and Cons for the CIO
    2. What would you recommend to the CIO
  2. The text discusses the impossibility of computing annualized rates of occurrence. Your Comptroller wants to see data on Return on Investment before funding any security project. Discuss the alternatives or other approaches to securing funding for security projects if annualized rates of occurrence and Return on Investment are not feasible approaches.
  3. In Chapter Two, Bruce Schneier was quoted as saying “Security is a process not a product”. The text goes on to say it is a mistake to focus too heavily on security technology compared to security management.
    1. We must have security technology, what is meant by being focused too heavily on security technology?
    2. Give examples or evidence of focus on security management
  • Please number your answers so they correspond to the questions listed below.
  • After each answer (or clearly state within the answer) the source(s) used. Although form and style is not considered in grading of this assignment, it may be a good opportunity to practice APA form and style rules for citing sources.
  • You should apply what you learn from textbook and reading materials in your response. Make your response to the point.
  • Complete the following readings this week:
    • Chapter 2 Planning and Policy