8. Which of the following is one of the four classes of formal IS security issues?
   a. Business strategy
   b. Organizational structures
   c. Informal information flows
   d. Security strategy and policy
   Selection:……………..

9. Ciphers that use different keys to encrypt and decrypt the message are termed
   a. simple key ciphers
   b. symmetric key ciphers
   c. asymmetric ciphers
   d. short key ciphers
   Selection:……………..

10. The Clark-Wilson model is based on the assumption that
   a. information flows constantly
   b. no read up
   c. no read down
   d. bookkeeping in financial institutions is the most important integrity check
   Selection:……………..

Question 3 [30 marks]

In a recent audit of News Media Ltd’s security systems, a series of issues were identified. It was found that the company’s IT systems consisted of a wide variety of hardware makes/models and software versions. Many of these were very old and most were not covered by service/maintenance agreements from their respective vendors. The audit identified that databases containing customer information and accounting data were periodically backed up. However, there had not been any incidents/failures in the past requiring restoration of data from such backups. While the company’s staff numbered 324, the records appeared to indicate a total of 650 user accounts actively being used. While the anti-virus systems were up to date with the latest security patches, most of the other servers were not being updated at regular intervals.

3.1. What are the steps involved in developing a standards-based risk management framework for News Media Ltd.? [8 marks]

3.2. List 2 risks you identified in the current information management system of News Media Ltd. [4 marks]

3.3. As an information security consultant, list three decisions you would make at the strategic, administrative and operational levels (one decision per level) to help alleviate the aforementioned issues. [4 marks]