INFO5301 Tutorial 1
Information Security Management
The goal of this tutorial is to review the nature and scope of information system security and
understand the importance/roles of information systems and the types of security controls.
NOTES: This tutorial includes individual discussion and group discussion question types. For an
individual discussion question, you will work on the question on your own and be ready to be asked
to present your answer/discussion. For a group discussion question, you will be assigned to a
group of 7-8 students (breakout rooms for online tutorials). Each group selects a group leader who is
responsible for collecting answers from the group discussion using a PowerPoint slide. A unique link
to the PowerPoint slide (i.e., Google slide) will be given. Your tutor will share the screen to show the
slides, and a selected presenter from the group will explain the answer to the main class when the
group discussion/breakout room session ends.
Exercise 1:
The advent of internetworked organizations and the increased reliance of companies on the
Internet to conduct their business has increased the chances of abuse.
Is this the case?
Discuss.
Answer:
Yes, it is the case. Organizations/companies increasingly use the Internet to conduct their
business, which allows them to reach more customers internationally, collaborate with
other businesses, communicate with suppliers, etc. Organizations must allow outsiders to
access their websites and servers through the Internet. Consequently, they are
vulnerable to outside attacks of different types that affect information systems, such as
spyware, viruses, social engineering, etc. Additionally, there are risks from internal employees:
for instance, employees with local administrator rights who disable security solutions on
their computers, or who click on links in phishing emails and let the infection spread from their
computers onto the entire corporate network. In organizations that allow
Bring-Your-Own-Device, the risks come from employees who might install malicious software
intentionally or unintentionally. Note that attackers are more likely to be able to abuse
companies' reliance on the Internet when those companies do not control their
information system security properly.
Duration: 10 min