Hypothetical Exam Questions


The first three essay questions are based on the following hypothetical, which is the same as the hypothetical from before with a few relevant changes. Each response is worth 25 points.


PoliticsCureCo™ has been in business for quite some time and has been a successful company. The company specializes in drugs and therapies to cure anxieties and unresolved anger caused by actions or lack of action by politicians and elected officials, and in coping strategies for toxic political environments. Politicians and elected officials themselves use the company's various drugs to survive or even thrive in their chosen profession. PoliticsCureCo’s products include Stonewalla™ and Filibustera™.

The company is in the process of introducing a new slogan, “Just Do It and Make Cure Great Again,” to motivate its users. It is also in the process of coming up with a new drug, to be introduced as Impeachra. Both the new slogan and the plan to introduce the new drug are highly sensitive, company-confidential information. A political junkie magazine, PoliticsJunkie, has, however, revealed these plans of PoliticsCureCo in its latest issue. PoliticsCureCo was furious about this. When they contacted PoliticsJunkie, the magazine ridiculed them, stating that it was easy to find out this information because information about both projects was available to many in the organization, but it would not release its sources or how it obtained the information.

1. (25 points – 300 words or less) The CEO is very concerned about PoliticsJunkie’s learning about PoliticsCureCo’s secret plans (both about the new slogan and about the drug Impeachra) and she has ordered you to conduct a full investigation to identify the root cause of the incident. Ever since PoliticsJunkie disclosed the plans, the CEO has been facing extensive scrutiny from the Board of Directors. The CEO has asked you to send her an e-mail with your incident response strategy, preferably outlined in bullet point format so she could use the e-mail as talking points for updating the Board of Directors. The CEO is essentially asking you to outline the objectives of your forensic investigation and the steps you plan to take. As you know by now, the CEO is very busy and she does not like long e-mails. Keep your response to 300 words or less.

2. (25 Points, 300 Words or less) The initial forensics investigation has led to the determination that PoliticsJunkie has hacked into PoliticsCureCo systems and obtained the sensitive information about the slogan and the drug Impeachra. The CEO has asked you to describe in 300 words or less what, if any, crime PoliticsJunkie has committed and what steps could be taken to ensure that any forensic evidence collected can be admissible in court.

3. (25 points – 300 words or less) Assume one year has passed. The drug Impeachra has been brought onto the market after a short trial. A website that reviews new anxiety drug products has allowed consumers to post reviews of Impeachra. The reviews have generally been negative, with one consumer stating that PoliticsCureCo is filled with a bunch of fake scientists with PhDs from fake universities, who just copied the formula for Valium. While the CEO (and many reviewers in the industry) know that the allegations are ridiculous, she has asked you to summarize in 300 words or less whether PoliticsCureCo can hold the website legally liable for the unflattering posts on its site.

4. (25 points – 300 words) Attacking the Attacker: As the CISO, you detect an incident in progress on your company’s computer network and you determine the external source of the attack. Should you “hack back?” What are the issues involved?

Question # 2

PoliticsCureCo has about 50 employees and a few information security personnel, but information security was not their priority until now. The CEO is very concerned about the status of cybersecurity at PoliticsCureCo in view of this latest breach. The CEO has just hired you as the CISO in their headquarters office in Washington, DC. She has sent you an e-mail asking for your recommendations regarding adopting or using an Information Security Governance Framework to better develop, align, coordinate and enforce proper security functions (controls). The CEO is very busy and you know that she does not like e-mails longer than 250 words, so keep your response to 250 words or less.

As the new CISO of PoliticsCureCo, I will make sure that there is control of information provided by the firm to minimize loss of the company’s crucial information at the headquarters. This will be possible through the guidelines that I will lay down for all our employees to foster the organization’s success. First, ensuring that there is accountability of the framework, and overseeing and controlling all the actions in the company, will mitigate all the risks facing us. It will avoid any chances of breaching the cybersecurity at PoliticsCureCo as had occurred on previous occasions (McMahon, Serrato, Bressler & Bressler, 2015). However, the implementation faces the challenge of creating a balance between the organizational risk assessment and utilization of available resources, which are gradually shifting. To curb this, it will be my duty as CISO to make crucial decisions on how to allocate the organization’s limited resources to facilitate client satisfaction.

Consequently, to align the functionality of the whole firm, it will be vital to create a framework that prioritizes risks and builds the support of resources that require guidance from the organization. This varies depending on the structure of the organization, hence the need to formulate guidelines that facilitate good adaptation to the changes. Besides, the assessment will enable the organization to measure its compliance in how correctly it handles data and protects it from unwanted access, destruction, or even loss. To facilitate achievement of legal compliance, I as CISO will assign responsibilities of information governance to specific staff and make employees aware of their individual responsibilities and the consequences of non-compliance.

