All Questions are worth 3 points each - 12 points total for the assignment. Assignment is due on June 18th, at 11:59 pm, EPT.
Question 1:
Suggest a password policy for No-Internal-Controls. Include an example of a technical control and an administrative control. Also include examples of a preventative control and a detective control. You may include as many controls as you like. Explain how this will mitigate against similar attacks.
Question 2:
No-Internal-Controls has a main office, two regional sales offices, and two warehouses. Suggest a physical security policy for No-Internal-Controls that includes controls that address each of the following potential vulnerabilities:
The warehouses have multiple controlled pharmaceuticals that must be logged when received and shipped out. Each warehouse has a separate room for highly regulated narcotics. The main office has a public lobby and conference rooms for guests and prospective clients. One of the regional offices is in an urban area that has been suffering from an increase in vandalism and petty crime. The data center is located at the main office. There are two doors, one from the Network Admin's office and one from the main hallway between the IT department and the Finance department.
Question 3:
No-Internal-Controls has a limited budget and is considering one of three different projects for the first half of the year: