THESE ARE ALL DISCUSSION QUESTIONS AND REQUIRE ENOUGH INFORMATION TO ACCURATELY ANSWER THE QUESTION. PLEASE DO NOT SEND A HANDSHAKE IF DID NOT READ THE ASSIGNMENT OR YOU ARE UNABLE TO MEET DUE DATE .
Imagine you work for a medium-sized business in the information security department and suppose you’ve determined the need to structure and implement an incident response plan and team. Propose how you would make a business case for the management team, explaining why this is a needed component of the security program at the company.
Determine how you would design the incident response team, knowing that you would use six people from your current staff to comprise the team. Identify the role that each of these individuals would take and briefly discuss the tasks each would need to absorb.
Select a law that currently governs how technology can be used and discuss it in detail utilizing your own words. Determine whether or not you believe this legislation and other laws surrounding technology are keeping up with the changes and fast paced advancement of information technology and crime. Provide a rationale with your response.
Examine the implementation issues for IT security policy development. Determine which of these issues are the most challenging for organizations to overcome and explain why.
Propose at least three control measures that organizations can implement to mitigate the potential issues associated policy development and implementation.
Develop a list of the key elements that need to be included in a security awareness program. Analyze how security awareness programs differ from security training programs.
Examine at least four common hindrances to organizations developing effective security awareness programs and security training programs. Propose solutions to these hindrances.