Scenario 6: Skyver offers worldwide shipping of electronic products, including gaming consoles, flat-screen TVs, computers, and printers. In order to ensure information security, the company has decided to implement an information security management system (ISMS) based on the requirements of ISO/IEC 27001.

Colin, the company’s best information security expert, decided to hold a training and awareness session for the personnel of the company regarding the information security challenges and other information security-related controls. The session included topics such as Skyver’s information security approaches and techniques for mitigating phishing and malware.

One of the participants in the session is Lisa, who works in the HR Department. Although Colin explains Skyver’s existing information security policies and procedures in an honest and fair manner, she finds some of the issues being discussed too technical and does not fully understand the session. Therefore, in a lot of cases, she requests additional help from the trainer and her colleagues.

Based on the scenario above, answer the following question:

How should Colin have handled the situation with Lisa?
Based on the last paragraph of scenario 6, which principles of an effective communication strategy did Colin NOT follow?
Based on scenario 6, Lisa found some of the issues being discussed in the training and awareness session too technical, thus not fully understanding the session. What does this indicate?
Based on scenario 6, when should Colin deliver the next training and awareness session?
What is the difference between training and awareness? Refer to scenario 6.
Scenario 7: InfoSec is a multinational corporation headquartered in Boston, MA, which provides professional electronics, gaming, and entertainment services. After facing numerous information security incidents, InfoSec has decided to establish teams and implement measures to prevent potential incidents in the future.

Emma, Bob, and Anna were hired as the new members of InfoSec’s information security team, which consists of a security architecture team, an incident response team (IRT) and a forensics team. Emma’s job is to create information security plans, policies, protocols, and training to prepare InfoSec to respond to incidents effectively. Emma and Bob would be full-time employees of InfoSec, whereas Anna was contracted as an external consultant.

Bob, a network expert, will deploy a screened subnet network architecture. This architecture will isolate the demilitarized zone (DMZ) to which hosted public services are attached and InfoSec’s publicly accessible resources from their private network. Thus, InfoSec will be able to block potential attackers from causing unwanted events inside the company’s network. Bob is also responsible for ensuring that a thorough evaluation of the nature of an unexpected event is conducted, including the details on how the event happened and what or whom it might affect.

Anna will create records of the data, reviews, analysis, and reports in order to keep evidence for the purpose of disciplinary and legal action, and use them to prevent future incidents. To do the work accordingly, she should be aware of the company’s information security incident management policy beforehand.

Among others, this policy specifies the type of records to be created, the place where they should be kept, and the format and content that specific record types should have.

Based on this scenario, answer the following question:

Based on his tasks, which team is Bob part of?