Questions
- (20 marks) Watch the video at the following URL:
https://www.youtube.com/watch?v=Rn4Rupla11M. Imagine that you have been
hired to write a policy relating to the “social networking and online presence” of
employees for a large company (e.g., Microsoft, Cisco, or Oracle). The CEO has seen
this video and wants the employees of the company to be careful that their online
presence does not undermine the passwords and PIN access codes used by
employees to protect company accounts. Write a set of 3 policy statements that
should exist in this policy. Ensure that your policy statements are reasonable and
realistic. - (60 marks)
a. (20 marks) Access an on-line job-posting service. Search for jobs related to
“information security”. Find a job posting that contains information that could be
used for footprinting. List two pieces of information could be useful to an attacker
SRTY 3008 Security Management
and for each list item, explain in 2-3 sentences how it could be used for an attacker’s
gain. Write your answer in a table.
b. (20 marks) Make sure you include a full reference the job posting from part (a)
and also attach an electronic PDF copy of it to your assignment submission.
c. (20 marks) For the company that you have found the job posting for in part (a),
write a full policy for job postings that contains all required elements of a policy
from Chapter 2. You may assume that this policy belongs to a broader policy
document and therefore contains the Statement of Authority and Definitions
sections (i.e., these two elements of a policy are not required). - (20 marks) Find and review the privacy policy of your mobile carrier service
provider, if you don’t have one choose any provider you want inside Canada (i.e.
Bell, TELUS, Virgin, Fido, Rogers, etc..), Focusing on the parts that apply to your own
account privacy, answer the following:
a. Provide the reference (link) to the privacy policy you found and an
electronic PDF copy of it (note this is different from the website privacy
policy, for example we are not looking for rogers.com website privacy
policy, but instead for Rogers company privacy policy).
b. What information does the company collect and store about you?
c. Who does the company share this information with?
d. Does the company have a privacy officer? If yes list the contact details.
Sample Solution