Enterprise Security & Governance Workshop #1

CSI3350 Enterprise Security & Governance
Workshop #1

❑ What are the 3 most common cybersecurity problems in enterprises?
❑ Should enterprises focus on security trends or their business objectives?
❑ Which aspects of Enterprise Security and Governance seem most interesting to you and why?

Tasks
❑ Consider the following scenario: an imaginary enterprise named Fifth Bucket provides software solutions to a number of small to medium-sized organizations. For example, websites, anti-virus, etc.
❑ Now, in the event of a cyber attack on any of the small organizations, who should be responsible for the damages and why?
❑ You are welcome to make assumptions with reasonable justification. In your answer of not more than 100 words, you should consider the user, applications, data, roles, process and governance.

Tasks
❑ As we know, the ISO 27000 series is one of the most used certifications within information security. One of the most well-known variants of the ISO 27000 series is the ISO 27001 information security guideline. At this point, you should be familiar with the ISO 27001 guideline. Despite being the most well-known variant, ISO 27001 is not very specific in the matter of implementation. Moreover, there are other certifications that an organization can achieve besides the ISO 27000 series. We'll also have a look at these certifications in this workshop.

Tasks
❑ Research other variants of the ISO 27000 series.
❑ Note the differences between them.
❑ Research certifications other than the ISO 27000 series. [Hint] Google these terms: COBIT, SOC II Type 1 and 2, NIST CSF

Tasks
❑ Can these certifications be used together with one another? For example, can NIST CSF be combined with the ISO 27000 series?
❑ If yes, and an organization were to combine both certifications by implementing half of each, can the organization be certified by both certifying bodies or by neither?
❑ In the industry, there are different sizes of organization, for example, starter businesses, medium enterprises, and huge corporations. Which certification should each business size strive for?
❑ Remember: certifications cost money, and infrastructure size impacts the certification (the more systems there are, the more things we need to secure, and therefore the harder it gets to achieve a certification).
❑ Use appropriate references to support your answers.

Answer the following

Human Factors…
Next Week ..