download instant at www.easysemester.com Materials to Accompany INFORMATION SECURITY PRINCIPLES AND PRACTICES

CHAPTER 1 WHY STUDY INFORMATION SECURITY?

CHAPTER REVIEW/ANSWERS TO TEST YOUR SKILLS

Multiple Choice Questions

1. B

2. D

3. A

4. B

5. D

6. C

7. B

8. D

9. A

10. A

11. B

12. D

13. C

14. C

15. B

Exercises

EXERCISE 1.1: LOOK AT SALARY GROWTH AMONG INFORMATION SECURITY CAREERS

Students’ graphs should resemble the example below. Increases in salaries vary by position but run between 8% and 15% on average each year. Predictions should indicate strong growth in IT Security salaries, but sustained double-digit increases are unlikely.

Growth in Information Security Director Salaries 2000-2003

[Chart: vertical axis US Dollars, $0.00 to $140,000.00; horizontal axis Year, 2000 to 2003]

EXERCISE 1.2: SEARCH FOR COLLEGE PROGRAMS IN IS

Students' answers will vary. Primary differences in each program are focus and audience—typically information security degrees appeal to commercial personnel, while Information Assurance is geared to government employees and government contractors. Network Security degrees are specialized areas for those wanting to break into Information Security or advance as network engineers. Finally, Physical Security programs focus on law enforcement, homeland security, public programs, and data center designers.

EXERCISE 1.3: NATIONAL SECURITY AGENCY EDUCATION IN INFORMATION ASSURANCE PROGRAMS

Students' answers will vary. Criteria for measuring participating institutions should include most of the following:

• Partnerships in IA Education
• IA Treated as a Multidisciplinary Science
• University Encourages the Practice of IA
• Academic Program Encourages Research in IA
• IA Curriculum Reaches Beyond Geographic Borders
• Faculty Active in IA Practice and Research and Contribute to IA Literature
• State-of-the-Art IA Resources
• Declared Concentrations
• Declared Center for IA Education or Research
• Full-time IA Faculty

Source: http://www.nsa.gov/ia/academia/caeCriteria.cfm?MenuID=10.1.1.2

Comparisons of curricula will vary based on the institution the student selects to compare with the chapter example.

EXERCISE 1.4: REVIEW NSA/DHS PARTNERSHIP ON SECURITY EDUCATION

The program is intended as an education and outreach initiative to reduce vulnerabilities in the national information infrastructure by promoting higher education in information assurance and producing a growing number of professionals with information assurance expertise in various disciplines. Priority III of the President’s National Strategy to Secure Cyberspace directs the federal government to foster training and education programs to support the nation’s cyber security needs and to increase the efficiency of existing federal cyber security programs. The NSA/DHS agreement directly responds to these tasks by amplifying an existing, successful program and enhancing cooperation between the agencies.

EXERCISE 1.5: FOR-PROFIT EDUCATION

Students' answers will vary. Successful students should be able to determine which, if any, of the certifications compare with university programs that they researched in Exercise 1.3.

Projects

PROJECT 1.1: IDENTIFYING THE MULTIDISCIPLINARY APPROACH

Responses should indicate that security is needed to protect business assets and should be described in terms of how security is used to mitigate risks to business assets. Personal experience and other exposure to business courses could relate how security can protect assets from theft, aid in improving information integrity and accountability, and help to keep their eye on the ball when implementing security controls.

PROJECT 1.2: GETTING SOME PRACTICAL ADVICE

Student answers will vary based on whom they interviewed, the nature of the business or organization, and the overall size of the organization.

PROJECT 1.3: CHARTING YOUR COURSE

Students' answers will vary. Successful students will have a handle on their own career goals and should be able to determine which, if any, of the areas related to IT Security might be right for them or interesting enough to pursue further.

Case Study

Students' answers will vary. Reasonable responses will include visiting headhunter sites that specialize in Information Security, visiting sites like those in Exercise 1.1, and some explanation of how an IT Security department might be organized or what roles must exist in the organization to meet the company’s goals.
