
3.4. Explain a technical and an informal control you deploy in the organization and relate how each control contributes to improving the CIA triad. [8 marks]

3.5. Assuming that there was no security policy violation according to the current security policy, write three statements that you would recommend to be added to the security policy of News Media Ltd. [6 marks]

Question 4 [30 marks]

With the winter quickly approaching, you dream of how wonderful life would be to have a hot coffee ready to consume the moment you get out of bed. The only problem is that you don't have anyone else to prepare the coffee while you are getting ready for work! One day at work, you bring up the topic during a conversation with a colleague, who then introduces you to a world of automated IoT routines (sequences of IoT actions performed). Excited at the thought of having your dream realized, you purchase 2 IoT devices: a LIFX smart light and a TP-Link smart plug. The idea is to plug your capsule coffee machine into the smart plug, which will be turned on the moment the smart light (used as your night light) is turned off.

4.1. List the various methods that will allow you to create the desired routine. Which parties could be involved in running the desired routine? [4 marks]

4.2. You want to simply switch on/off your smart light and plug, but your information is now shared with a number of different parties. Why do you think these things matter? [6 marks]

4.3. Explain two methods by which a third party can access or infer your data/data content. You can consider both legitimate and adversarial scenarios. [6 marks]

4.3. What could be the potential security and privacy threats for you as a user? [8 marks]

4.4. How can the identified security and privacy threats be mitigated? [6 marks]

END OF EXAMINATION