managemnet of information security third edition, micheal e. whitman to be used for the following question q.1. q.2. q.4 q.5 q.6 q.3 to be done by using internet. referencing style must be apa 6th or...

Question 1 – (5 marks) Answer Case Exercises (page 208) from Whitman, M.E. & Mattord, H.J. (2010) Management of Information Security 3ed Course Technology:Boston Question 2 – (5 marks) Discuss how does an information security framework relate to the information security blueprint and how might an information security professional use a security model? Question 3 – (5 marks) Visit the Web sites of the major technology organisations listed in this chapter (Microsoft, Oracle, and Cisco) plus those of two you choose on your own. Search their Web sites for best security practices. What do you find? Question 4 – (5 marks) If an organization has three information assets to evaluate for risk management purposes as shown in the accompanying data, which vulnerability should be evaluated for additional controls first? Which vulnerability should be evaluated last? Question 5 – (5 marks) Describe how outsourcing can be used for risk transference. Name and briefly describe two examples/cases of risk transference in Australia that you believe this type of risk management helps to protect organisations interest. Question 6 – (5 marks) How is an application layer firewall different from a packet filtering firewall? Why is an application layer firewall sometimes called a proxy server? Discuss the advantages and disadvantages of cache proxy server in security context.