Please, I need answers from textbook \"Security Program and Policies: Principles
ID: 3737116 • Letter: P
Question
Please, I need answers from textbook "Security Program and Policies: Principles and Practices" author: Sari Stern Greene. 2th edition
Q1: Give two examples for protecting the equipment in an organization.
Q2: Email is the most preferred way of communication in many sectors currently. Apart from its advantages in communication, emails are also prone to cause various threats to the information technology framework. Explain in the various threats (at least 2) of emails being sent over the internet or a network, and the techniques (at least 2) to protect the messages sent over emails.
Q3: Describe the activities involved in log management. How to select the appropriate data to log.
Explanation / Answer
Q1: Give two examples for protecting the equipment in an organization.
Answer)
Information security is the primary concern in a company or organization. Ans such is equipment security as the equipments are not only physical devices but also contain a large amount of valuable data which are important to a company. Thus, the protection of equipments is mandatory for an organization and physical protection along with system protection has to be done by the security policy.
Physical security policy minimizes the risk of resource theft and destruction of company and organization specific hardware and equipments which are important to a company. The security policy is too important to work on for physical security. Examples for physical security are: Intentional acts of destruction e.g., theft, Environmental conditions such as extreme temperatures, high humidity, and natural events such as floods, earthquakes.
Along with physical security we must also have logical security in place for the computers and other systems such that not everybody can control. Only those people who are authorized and has access to particular systems can use them and execute their jobs. Thus need of a secure IT systems for protection of data and to prevent losses to the organization is very important. Examples of this are that: we should protect the system with access control and allow people with specific access to do specific jobs, Password protection is mandatory, training on how to use the systems and how to manage vulnerabilities in the system, Using a antivirus and firewall to protect yourself in the systems.