Managing Online Risk Chapter 2 Questions

These questions are to help you apply some of the concepts, best practices, and lessons learned from the content in each chapter. You can use them in individual reflection, or present them to your security team for group feedback and discussion.

If you haven’t bought the book yet, go to our “Buy the Book” tab or click here: http://store.elsevier.com/Managing-Online-Risk/Deborah-Gonzalez/isbn-9780124200555/

Internal and External Risks

  1. Does your organization make IT security a priority? How do you quantify your answer?
  2. Do you have sufficient resources (time, money, staff, etc.) allocated for the security function? If not, why?
  3. Have you identified and/or encountered any shadow IT incidents? How did you handle them?
  4. Does your company have a BYOD or mobile device management policy?
  5. How does your company handle mobile security? Is it limited in scope (just for executives, for example) or does it include ALL employees?
  6. What is your company’s policy on passwords and biometrics?
  7. Does your company have an IT security staff shortage or difficulty in getting and keeping good IT security talent? What steps can you implement to combat this situation based on some examples in the book?
  8. How does your company deal with Internet of Things (IoT) security concerns?
  9. Does your company use a third-party cloud storage provider? Did you do your security due diligence prior to approving them as a service provider? Review the list on page 44 for points for the service agreement and see how many your company met.
  10. Does your company have a hacking incident/response protocol?
  11. Is your company subject to any federal, state and/or industry regulations with regard to privacy, IT security, etc.? How is your company ensuring its compliance?
  12. Does your company have a disaster recovery plan in place regarding its online/digital activity?