Question 1
A security program description gives a high-level view of how security is ensured for a particular resource throughout an enterprise (Kaisler et al., 2005). The program covers four dimensions of security: physical, data, personnel and operational, and may also involve matrices.
Operational security
In the operational security dimension, the security program promotes the development of standard operating procedures for every enterprise architecture component that supports line-of-business operations.
Data security
In the data security dimension, the security program promotes security-conscious design, source authentication, data access control and content assurance.
Personnel security
In the personnel security dimension, the security program promotes user authentication, information security awareness and recurring training.
Physical security
The physical security elements that need to be captured in the enterprise architecture include protection for the facilities that support information processing, and control of access to information technology equipment, networks and telecommunication rooms.
Question 2
Depending on the information assets in question and the attacker's intentions, an attacker could try to harvest sensitive information and data through seemingly legitimate emails (phishing), or exploit cross-site scripting vulnerabilities in a web application (Liu et al., 2009). The attacks that can be mounted include code injection, which is often regarded as the most troubling type of attack; binary code injection, which inserts malicious code into a binary program so that the program behaves differently and is generally carried out through a buffer overflow; and source code injection. All of these introduce code into a computer system by taking advantage of unchecked assumptions the system makes about its inputs.
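To make the "unchecked assumption about inputs" concrete, the following is an added example (not part of the original answer or of the SQLProb work it cites) using SQL injection, the form of source code injection that Liu et al. address. The table, the user names and the crafted input are constructed for the example. The vulnerable lookup assumes the name parameter is only ever a plain user name and splices it into the SQL text; the hardened lookup hands the value to the driver as a bound parameter so it can never be interpreted as SQL, and an allow-list check rejects values that do not look like a user name at all.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the original text).
SAMPLE_USERS = [("alice", "a-secret"), ("bob", "b-secret")]

# Allow-list for what a user name is permitted to look like (an assumption
# of this example; a real system would take the rule from its own policy).
NAME_PATTERN = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Unchecked assumption: `name` is trusted and pasted straight into SQL.

    Anything the caller supplies becomes part of the statement text, so the
    meaning of the query is decided by the input, not by the programmer.
    """
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, name):
    """Bound parameter: the driver passes `name` as data, never as SQL text."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def is_valid_name(name):
    """Second layer: reject input that does not match the user-name allow-list."""
    return NAME_PATTERN.match(name) is not None


def demo(user_input="bob' OR 'x'='x"):
    """Run both lookups on the same input and report what each returned."""
    conn = make_db()
    return {
        "input_valid": is_valid_name(user_input),
        "vulnerable": lookup_vulnerable(conn, user_input),
        "hardened": lookup_hardened(conn, user_input),
    }


if __name__ == "__main__":
    print(demo("bob"))   # both lookups return ['bob']
    print(demo())        # vulnerable returns every user; hardened returns none
```

For the ordinary input "bob" both functions behave identically, which is why the defect stays hidden in normal testing. For the crafted value the concatenated query's WHERE clause becomes always-true and every row comes back, while the parameterized query simply finds no user with that literal name. Detection-wise, a query log that shows the expected statement shape with an unexpected literal (or an allow-list rejection counter) is the signal a defender would watch for.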
Question 3
Risk assessment, in general, can be conducted in a qualitative or a quantitative manner. A qualitative approach uses relative or subjective measures such as rankings. A quantitative approach attempts to measure the factors with specific values. For example, consider enterprise financial data as an asset that must be kept confidential from competitors (Morganwalp & Sage, 2004). It would be better to prevent unauthorized disclosure from taking place than to detect such disclosures after they occur and try to recover from them.
References
Kaisler, S. H., Armour, F., & Valivullah, M. (2005, January). Enterprise architecting: Critical problems. In System Sciences, 2005. HICSS'05. Proceedings of the 38th Annual Hawaii International Conference on (pp. 224b-224b). IEEE.
Liu, A., Yuan, Y., Wijesekera, D., & Stavrou, A. (2009, March). SQLProb: a proxy-based architecture towards preventing SQL injection attacks. In Proceedings of the 2009 ACM Symposium on Applied Computing (pp. 2054-2061). ACM.
Morganwalp, J. M., & Sage, A. P. (2004). Enterprise architecture measures of effectiveness. International Journal of Technology, Policy and Management, 4(1), 81-94.