COSC 511 Questions for March 22, 1999


1.  Suppose you have been tasked by X to determine whether its
information security program is appropriate.  Outline a strategy for
making such a determinination.  Who would you talk with and what
questions would you ask?  What security policies, practices, and
technologies would you look for?  If you want, you can limit your
analysis to X's computer networks.  Do this for any organization
X, for example:

	Georgetown University
	a major bank
	a high-tech company
	a hospital
	the FBI or CIA
	
2.  Outline a security policy for organization X.  The policy
should identify responsibilities for implementing and enforcing.

3.  What are the major challenges facing an organization that
wants to protect its information?