U4

Group 1
Discuss the weakest link in the information security chain and provide an explanation to support your selection.
Describe the different types of users and indicate how they are treated in different and similar manners.
Discuss how to govern different types of users with policies.
Discuss acceptable use policies (AUPs).
Discuss the significance of a privileged-level access agreement (PAA).
Describe what security awareness policies (SAPs) are.
Describe what the best practices for user domain policies are.
Discuss the difference between least access privileges and best fit access privileges.
Describe some case studies and examples of user domain policies.
Group 2
Describe the following:
What the basic anatomy of an infrastructure policy is.
What the common Workstation Domain policies are.
What the common LAN Domain policies are.
What the common LAN-to-WAN Domain policies are.
What the common WAN Domain policies are.
What the common Remote Access Domain policies are.
What the common System/Application Domain policies are.
What the common telecommunications policies are related to the IT infrastructure.
What some IT infrastructure security policy best practices are.
What some case studies and examples of IT infrastructure security policies are.
Group 3
Discuss the following:
What the common data classification policies are.
What the common data handling policies are.
What the common business risks related to information systems are.
What a risk and control self-assessment (RCSA) is and why it is important.
What the common risk assessment policies are.
What the methods of quality assurance (QA) and quality control (QC) are.
What the common best practices for risk management policies are.
What some case studies and examples of risk management policies are.