1.”Principles for Policy and Standards Development” Please respond to the following:
Select two principles for policy and standards development (accountability, awareness, ethics, multidisciplinary, proportionality, integration, defense-in-depth, timeliness, reassessment, democracy, internal control, adversary, least privilege, continuity, simplicity, and policy-centered security). Examine how these principles would be the same and different for a health care organization and a financial organization.
Determine which type of organization would have the most difficulty implementing the principles you selected
2.”OCTAVE” Please respond to the following:
From the e-Activity, provide a brief explanation of the Operationally, Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methods. Explain how they are beneficial for organizations developing their IT risk management approaches.
From the e-Activity, explain how the size of the organization impacts the OCTAVE method utilized. Determine the factors that large organizations, as opposed to small organizations, are most concerned with.
3. “Patterns of Behavior” Please respond to the following:
Evaluate the patterns of behavior of early adapters versus followers. Determine the pattern of behavior that leads to a competitive advantage. Justify your response.
Give your opinion as to whether “Heat Seekers” and “Followers” could coexist within the same organization. State the negatives and positives associated with both patterns of behavior.
4. “Getting to Know the Industry” Please respond to the following:
Getting to know the industry in which a company operates is a critical factor for leveraging information systems and gaining a competitive advantage. Speculate as to how information systems can be leveraged in a particular industry. Analyze how time of entry, industry trends, corporate culture, and other factors affect competitive advantage. Explain your answer.
Evaluate the competitive applications of technology. List and describe three applications and how these can be applied to the information systems industry