Policy lifecycle
Question 1
Explain Information Security Policy Lifecycle with neat diagram and list the responsibilities associated with the policy lifecycle process are distributed throughout an organization in a table.
Information Security Policy Lifecycle
| Activities | Position in Organization | Responsibilities |
| Development | Top Management | Top management is responsible for research and planning the policy and then it gets it approved in a committee for further proceedings. |
| Publishing | Operational level | Operations manager publish and disseminate the policy in order to educate those who are below in ranks. |
| Adopting | Departmental Level | The responsibilities regarding adoption of policy include implementation, monitoring, and enforcement. |
| Reviewing | Supervisor Level | At this level, supervisors give feedback regarding a policy which has been implemented and then it is decided whether it should be continued or abandoned. |
Composition of policy documents
Question 2
a) Explain why standards enable the policy by defining action.
Standards enable the policy by defining action because standards set a layout which is followed to formulate the policy. Policy cannot be formulated in absence of standards because actions based on policy can only be made if there is not enough established criteria in place and such criteria can only be possible in shape of standards.
b) Provide an example to show the difference between password policy and password standard.
A password policy consists of rules which ensure the security and protection of computer and electronic systems. It is the policy that users must login to any system or data based with the help of password and otherwise, they cannot login the system. On the other hand, there is password standard which ensures the standard for a password. It should contain a specific length and must have required numbers and alphabets. For example, it is password policy that one should enter into a database with the help of password, and it is password standard to restrict length of password and the instructions for password to contain numeric values or alphabets.
CIA security model
Question 3
a) Define the CIA security model.
The CIA security model is also called CIA triad which contains confidentiality, integrity, and availability of data. These important components of criterion of security are ensured in every step of data security.
b) Provide your own example to describe violation of integrity, confidentiality and availability.
Violation of integrity would happen when someone would use information of another person and would illegally enter the platform made for someone other. It is also true for those who are responsible for securing data and cannot use data for personal use. Violation of confidentiality is that passwords and personal data of people must be confidential, and it should not be given to any third person otherwise, secret and important data would leak and would go to others’ hands. Violation of availability would occur when someone would enter and login with his or her accurate credentials, but he would not be allowed to enter or login into his or her database.
c) What is the difference between data integrity and system integrity?
Integrity is practiced when someone uses honest practices and means to get something done. In this manner, data integrity is related with honest means to handle data and during whole data life cycle, the accuracy and consistency of data is ensured.
On the other hand, system integrity is related to the whole system, and it is ensured that the whole system will not be disrupted and changed to harm any one person or group of people. Thus, the system would run smoothly and honestly.
Understanding hacktivism or DDoS
Question 4
a) Find a recent article on the internet relating to either hacktivism or distributed denial of service (DDoS) attack.
Barth, B. (2017). Venezuelan government websites hacked in support of military base attack. Retrieved October 10, 2017, from https://www.scmagazine.com/venezuelan-government-websites-hacked-in-support-of-military-base-attack/article/680538/
b) Summarize the attack with your own words.
An article has been published on SC magazine website which is about successful activity of hacking on government websites and technological platforms of Venezuela. A hacking group named to be the Binary Guardians has accepted the responsibility and he defaced approximately forty websites and all these websites were government. The hackers did this hacking activity in response to the attack on the military base of Valencia and attackers carried out this hacking activity in its protest (Barth, 2017)
c) Explain why the attacker was successful (or not).
The attackers or hackers of the Binary Guardians have been successful in carrying out this hacking activity against government websites because they entered into the hidden and program of the databases of those websites and their programmed passwords and systems broke into those websites to have access of all of them. This is how they have been successful in their attack.
Bibliography
Barth, B. (2017). Venezuelan government websites hacked in support of military base attack. Retrieved October 10, 2017, from https://www.scmagazine.com/venezuelan-government-websites-hacked-in-support-of-military-base-attack/article/680538/
