You are the owner of the courier company SpeeDelivery. You employ a few people who, while
waiting to make a delivery, can carry out other tasks. You notice, however, that they use this time
to send and read their private mail and surf the Internet. In legal terms, in which way can the use
of the Internet and e-mail facilities be best regulated?

Why is air-conditioning placed in the server room?

Who is authorized to change the classification of a document?

The company Midwest Insurance has taken many measures to protect its information. It uses an
Information Security Management System, the input and output of data in applications is validated,
confidential documents are sent in encrypted form and staff use tokens to access information
systems. Which of these is not a technical measure?

What is an example of a physical security measure?

What physical security measure is necessary to control access to company information?

Why do organizations have an information security policy?

You work in the IT department of a medium-sized company. Confidential information has got into
the wrong hands several times. This has hurt the image of the company. You have been asked to
propose organizational security measures for laptops at your company. What is the first step that
you should take?

You work for a large organization. You notice that you have access to confidential information that
you should not be able to access in your position. You report this security incident to the helpdesk.
The incident cycle isinitiated. What are the stages of the security incident cycle?

Your organization has an office with space for 25 workstations. These workstations are all fully
equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are
used for a call centre 24 hours per day. Five workstations must always be available. What
physical security measures must be taken in order to ensure this?