The following questions are regarding the course IT 409 – IT Security and Policies
Question No. 1
The introduction to ISO 27002:2005 includes this statement: “This International Standard may be regarded as a starting point for developing organization-specific guidelines. Not all of the controls and guidance in this code of practice may be applicable. Furthermore, additional controls and guidelines not included in this standard may be required.” Explain how this statement relates to the concept of strategic alignment.
Question No. 2
a) What is Cyber Insurance and what does it generally cover?
b) Why would an organization purchase cyber-insurance?
c) What is the difference between first-party coverage and third-party coverage?
Question No. 3
What can a potential employer learn about you from your social media activities?
Solution
3) The top three things employers look for in your social media activities are:
1) More than half of hiring managers say that they are looking to see if the candidate will be a good fit for the corporate culture. Think about it: your Facebook profile is a far more accurate portrait of what you are really like than an employer could get from a screening questionnaire, and you can also give answers that you think an employer wants to hear.
2) 45% are researching potential hires on social media to find out more about the candidate's qualifications, i.e., if you have mentioned your communication skills, are these supported by your online activity? What do you post or tweet about? Are you articulate, intelligent and friendly, or are you argumentative and foul-mouthed?
3) Almost as many, 44% of hiring managers, want to see if a candidate is creative. How you choose to use the latest networking tools and technologies can say a lot about how social, savvy and skilled you are, and employers will be looking to see how innovative and original you are in what you do online.
2) a) A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage, is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event. Cyber insurance typically covers expenses related to first parties as well as claims by third parties. The following are common reimbursable expenses:
Investigation - A forensic investigation is necessary to determine what occurred, how to repair the damage and how to prevent the same type of breach from occurring in the future. It may also involve the services of a third-party security firm as well as coordination with law enforcement and the FBI.
Business losses - A cyber insurance policy may include similar items to those covered by an errors or omissions policy, as well as monetary losses experienced from network downtime, business interruption, data loss recovery and costs involved in managing a crisis, which may involve repairing reputation damage.
Privacy and notifications - This includes required data breach notification to customers and other affected parties, which is mandated by law in many jurisdictions, and credit monitoring for customers whose information was or may have been breached.
Lawsuits and extortion - This includes legal expenses associated with the release of confidential information and intellectual property.
b) The organization purchases cyber insurance because insurance industry watchers believe that clients will soon expect cyber insurance to be part of every business insurer's product line. They also look at whether the insurance company offers one or more types of cyber insurance policies, or whether the coverage is simply an extension to an existing policy; in most cases a stand-alone policy is best and more comprehensive. Be sure to compare deductibles closely among insurers, just as you do with health, vehicle and facility policies. How do the coverage and limits apply to both first and third parties? Does the policy cover any attack to which an organization falls victim, or only targeted attacks against the organization in particular? Does the policy cover any non-malicious actions taken by an employee? Does the policy cover social engineering or network attacks? They also look at whether the policy follows best practices, enabling defences and controls to protect against attacks, and employee education in the form of security awareness.
c) In property insurance, the first party is the owner of the property, the second party is the insurer, and the third party is, say, a person on the street. Normally in insurance, loss or damage to the insured property is covered: if your car gets damaged, its repair and replacement is covered. This is commonly called first-party coverage. But it may also happen that your property causes some loss or damage to the life or property of others; here it is your liability to compensate. This second type of loss or damage creates a liability on you for compensating the aggrieved. Suppose your car hits a pedestrian or a wall: you have to compensate both. Taking this third-party insurance is mandatory in India. In the case of a first-party claim, the loss or damage is computed by the insurer and agreed upon by the insured, and the claim is paid. But in the case of a third-party claim, the amount of claims to be paid is in lakhs or crores. That is why the third-party premium is increased every year by IRDAI.
1) Strategic alignment helps organizations, including small businesses, define what matters most to the organization and then create a road map to achieving the organization's purpose. Strategic alignment requires planning, a willingness to reassess and make adjustments regularly, and a workforce that feels involved and responsible for the organization achieving its objectives.
