1. What is the purpose of INFOSEC?
2. Explain the elements of the CIA triad.
3. Identify three threats to critical information and describe strategies to protect the information. What role does risk assessment play in the information protection function?
How does a corporation handle situations like the above where policy no enforcement or selective enforcement becomes a larger problem? The information systems involved were administrative and operational and had little to no sensitive information on them.
How does one go about protecting data at a level that is commensurate with its sensitivity, value, and criticality when those parameters can change due to circumstances such as a lawsuit?