Exercises Chapter 8
Chris Buerkel
Davenport University
Fall2023-SE1-IAAS481.11619
John Wilson
September 28, 2023
4. Search the Internet for the term data classification model. Identify two such models and then
compare and contrast the categories those models use for the various levels of classification.
I have discovered that the US government sorts its information into three categories:
Confidential, Secret, and Top Secret. Confidential data is considered potentially damaging to
national security, while Secret information is even more confidential and could lead to more
significant harm. Top Secret is the most severe classification level, posing threats to the country
and undercover operatives. However, some individuals take issue with this system, which
restricts public access to information.
Additionally, the United Kingdom follows a similar three-tier classification model:
Official, Secret, and Top Secret. Official information pertains to routine daily operations, and
leaks would not have a significant impact. Secret material is sensitive and must be kept from the
public to safeguard the nation. The Top Secret category is reserved for the most extreme cases,
containing information that, if exposed, could result in safety hazards or economic disasters. The
US and the UK use the same classification levels, with little difference between them.
5. Search the Internet for the term Treadway Commission. What was the Treadway Commission,
and what is its major legacy in the field of InfoSec?
In 1985, the Treadway Commission was established to identify fraudulent individuals
serving in public office and all types of organizations. The commission's rules and regulations
were the foundation for the Committee of Sponsoring Organizations (COSO). In Leland's
description, “COSO's Internal Control - Integrated Framework (ICIF) — also somewhat
confusingly known simply as COSO or the COSO framework — provided guidance for how
organizations can implement controls to prevent, detect, and manage fraud risk related to
external financial reporting” (Leland, 2023). By following the COSO framework, companies can
establish profitable and ethical foundations, leading to a respectable reputation. The framework's
advantage lies in its internal controls and avoidance of nefarious activities. However, small
organizations may need help to adapt to the framework.
Ethical Decision Making
Iris had gathered her planning team and announced the choice for the model on which they
would base their approach, and now one of the more senior people was asking her why she had
not chosen the ISO/IEC 27000 series as a model.
“Since the 27000 series is mostly complete these days, why wouldn’t we use that?” he asked.
“Well, I looked at the details of that approach,” Iris said, “and I decided that the expense of
purchasing a copy of the standard for our use was not worth the few extra benefits it would
provide us.”
“But why do we have to pay a license fee?” the senior analyst asked. “I have a copy of the
standard that I got from a friend of mine. It’s a PDF file and we can use it right away.”
Iris sighed, then paused.
“It’s a copyright-protected document,” she finally said.
Regarding whether to utilize the PDF file, the recommendation is to refrain from doing
so. While using a free, unauthorized copy may be tempting, it is essential to uphold ethical
standards. If the file is necessary, obtaining a proper license is the appropriate course of action.
Prioritizing security measures is crucial in safeguarding the company's well-being.
Reference
Anderson, T., Cheema, M., Hyun, M., Lakireddy, K. (August 3, 2022). AWS. Data Classification. https://docs.aws.amazon.com/whitepapers/latest/data-classification/data-classification.html
Leland, A. (May 24, 2023). Auditboard. Fundamentals of the COSO Framework: Building Blocks for Integrated Internal Controls. https://www.auditboard.com/blog/coso-framework-fundamentals/
Riedel, B. (January 23, 2023). Brookings. How does the government’s classification system work? https://www.brookings.edu/articles/how-does-the-governments-classification-system-work/