Solutions Manual for
Systems Analysis and Design 13th
Edition By Scott Tilley
(All Chapters 1-13, 100% Original
Verified, A+ Grade)
All Chapters Arranged Reverse: 13-1
This is the Original Solutions Manual
for 13th Edition, All Other Files in the
Market are Wrong/Old Questions.
, Solution and Answer Guide: Tilley, Systems Analysis and Design, 13e .
Chapter 13: Managing Systems Security
Solution and Answer Guide
TILLEY, SYSTEMS ANALYSIS & DESIGN , 13E . CHAPTER 13: M ANAGING SYSTEMS SECURITY
TABLE OF CONTENTS
Review Questions..........................................................................................................1
Discussion Topics..........................................................................................................2
Hands-On Projects........................................................................................................3
Ethical Issues................................................................................................................4
Activity Rubric..............................................................................................................5
REVIEW QUESTIONS
1. What are the three foundational principles of system security?
Solution Guidance: Integrity, confidentiality, and availability are the foundational principles of system
security.
2. Name two types of attacker profiles and describe their primary motivations.
Solution Guidance: Cyberterrorists aim to advance political or social goals, while hackers (black hats)
seek unauthorized access to systems for malicious purposes.
3. What are the first two steps in the risk identification process?
Solution Guidance: Risk identification involves systematically identifying potential security threats
and vulnerabilities.
4. What are two levels of system security?
Solution Guidance: Physical security and network security are two levels of system security.
5. What is a key component of developing and implementing security policies?
Solution Guidance: A key component is establishing clear guidelines that define acceptable use and
security practices.
6. What role does SIEM play in organizational security?
Solution Guidance: SIEM plays a critical role in real-time monitoring and analyzing security alerts
generated by applications and network hardware.
© 2025 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in
whole or in part.
1
, Solution and Answer Guide: Tilley, Systems Analysis and Design, 13e .
Chapter 13: Managing Systems Security
7. Name an essential element of effective backup policies.
Solution Guidance: Regular scheduling of backups to ensure data integrity and availability is essential.
8. What is one primary principle of cyberethics?
Solution Guidance: Respecting user privacy and ensuring that digital actions do not harm others are
primary principles of cyberethics.
9. How does cloud computing impact system security?
Solution Guidance: Cloud computing introduces scalability and resource sharing but requires
enhanced security measures for data protection.
10. What is one component of a resilient cybersecurity culture within an organization?
Solution Guidance: A strong organizational ethos that promotes security awareness and adherence to
security practices is a component of a resilient cybersecurity culture.
DISCUSSION TOPICS
1. How do attacker profiles and motivations influence the steps involved in risk identification?
Solution Guidance: Attacker profiles and motivations directly inform risk identification by
highlighting specific vulnerabilities and threats an organization may face. Understanding these profiles
helps organizations anticipate potential attack vectors and prioritize risks based on the likelihood of being
targeted by different types of attackers.
2. Discuss the relationship between developing and implementing security policies and the essential elements
of effective backup policies.
Solution Guidance: Developing and implementing security policies is foundational to creating
effective backup policies. Security policies outline the broader organizational stance on data protection and
backup policies define specific procedures for data preservation, aligning with the overall security
objectives.
3. How do the different levels of systems security impact the legal and ethical considerations in system
security?
Solution Guidance: The levels of systems security influence legal and ethical considerations by
dictating the scope of protection measures. Higher security levels necessitate adherence to stricter legal
frameworks and ethical standards to ensure comprehensive protection of sensitive information and systems.
© 2025 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in
whole or in part.
2
, Solution and Answer Guide: Tilley, Systems Analysis and Design, 13e .
Chapter 13: Managing Systems Security
4. How do emerging technologies affect the formulation and enforcement of security policies?
Solution Guidance: Emerging technologies challenge existing security policies by introducing new
vulnerabilities and altering threat landscapes. This dynamic requires continuous evaluation and adaptation
of security policies to encompass protections against threats posed by new technologies, ensuring that
policies remain relevant and effective.
5. How does building a resilient cybersecurity culture enhance the effectiveness of risk management strategies
in system security?
Solution Guidance: Cultivating a resilient cybersecurity culture bolsters risk management strategies by
embedding security awareness and practices into the organizational ethos. This cultural shift enhances the
ability to identify, assess, and mitigate risks, contributing to a more secure and resilient operational
environment.
HANDS-ON PROJECTS
1. Create a simulated cyberattack scenario based on a chosen attacker profile. Conduct a risk assessment for
the scenario, identifying potential vulnerabilities and proposing mitigation strategies.
Solution Guidance: Evaluate the cyberattack scenario’s creativity and realism, the risk assessment’s
depth and thoroughness, and the practicality of proposed mitigation strategies. Consider how well the
student identifies vulnerabilities and develops relevant and actionable mitigation steps.
2. Design a comprehensive security policy for an organization that includes specific sections on backup
strategies. Consider aspects like data criticality, backup frequency, and recovery objectives.
Solution Guidance: Assess the comprehensiveness, clarity, and feasibility of the proposed security
policy. Ensure the policy adequately covers essential aspects such as data criticality, backup frequency, and
recovery objectives and is practical for implementation.
3. Analyze an organization’s security measures across different levels (physical, network, application) and
evaluate their compliance with specific data protection laws.
Solution Guidance: Focus on the depth of analysis across security levels, the accuracy of compliance
with data protection laws, and the insightfulness of observations and recommendations. Evaluate the
student’s ability to thoroughly assess and provide meaningful feedback on an organization’s security
posture.
4. Research an emerging technology (e.g., IoT, blockchain) and draft a section of a security policy that
addresses the unique challenges and security considerations introduced by this technology.
Solution Guidance: Look for thorough research on the technology, innovative approaches to
addressing its unique challenges and security considerations, and how well the policy section integrates into
the broader security policy framework.
5. Develop a program that fosters a security-first mindset among employees and assesses its impact on
reducing identified risks within the organization.
Solution Guidance: Examine the design’s effectiveness in reducing risks, strategies for engaging
employees, and methods proposed for measuring the program’s impact on security awareness and behavior
change. Evaluate the practicality and potential effectiveness of the program in fostering a security-first
culture.
© 2025 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in
whole or in part.
3
Systems Analysis and Design 13th
Edition By Scott Tilley
(All Chapters 1-13, 100% Original
Verified, A+ Grade)
All Chapters Arranged Reverse: 13-1
This is the Original Solutions Manual
for 13th Edition, All Other Files in the
Market are Wrong/Old Questions.
, Solution and Answer Guide: Tilley, Systems Analysis and Design, 13e .
Chapter 13: Managing Systems Security
Solution and Answer Guide
TILLEY, SYSTEMS ANALYSIS & DESIGN , 13E . CHAPTER 13: M ANAGING SYSTEMS SECURITY
TABLE OF CONTENTS
Review Questions..........................................................................................................1
Discussion Topics..........................................................................................................2
Hands-On Projects........................................................................................................3
Ethical Issues................................................................................................................4
Activity Rubric..............................................................................................................5
REVIEW QUESTIONS
1. What are the three foundational principles of system security?
Solution Guidance: Integrity, confidentiality, and availability are the foundational principles of system
security.
2. Name two types of attacker profiles and describe their primary motivations.
Solution Guidance: Cyberterrorists aim to advance political or social goals, while hackers (black hats)
seek unauthorized access to systems for malicious purposes.
3. What are the first two steps in the risk identification process?
Solution Guidance: Risk identification involves systematically identifying potential security threats
and vulnerabilities.
4. What are two levels of system security?
Solution Guidance: Physical security and network security are two levels of system security.
5. What is a key component of developing and implementing security policies?
Solution Guidance: A key component is establishing clear guidelines that define acceptable use and
security practices.
6. What role does SIEM play in organizational security?
Solution Guidance: SIEM plays a critical role in real-time monitoring and analyzing security alerts
generated by applications and network hardware.
© 2025 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in
whole or in part.
1
, Solution and Answer Guide: Tilley, Systems Analysis and Design, 13e .
Chapter 13: Managing Systems Security
7. Name an essential element of effective backup policies.
Solution Guidance: Regular scheduling of backups to ensure data integrity and availability is essential.
8. What is one primary principle of cyberethics?
Solution Guidance: Respecting user privacy and ensuring that digital actions do not harm others are
primary principles of cyberethics.
9. How does cloud computing impact system security?
Solution Guidance: Cloud computing introduces scalability and resource sharing but requires
enhanced security measures for data protection.
10. What is one component of a resilient cybersecurity culture within an organization?
Solution Guidance: A strong organizational ethos that promotes security awareness and adherence to
security practices is a component of a resilient cybersecurity culture.
DISCUSSION TOPICS
1. How do attacker profiles and motivations influence the steps involved in risk identification?
Solution Guidance: Attacker profiles and motivations directly inform risk identification by
highlighting specific vulnerabilities and threats an organization may face. Understanding these profiles
helps organizations anticipate potential attack vectors and prioritize risks based on the likelihood of being
targeted by different types of attackers.
2. Discuss the relationship between developing and implementing security policies and the essential elements
of effective backup policies.
Solution Guidance: Developing and implementing security policies is foundational to creating
effective backup policies. Security policies outline the broader organizational stance on data protection and
backup policies define specific procedures for data preservation, aligning with the overall security
objectives.
3. How do the different levels of systems security impact the legal and ethical considerations in system
security?
Solution Guidance: The levels of systems security influence legal and ethical considerations by
dictating the scope of protection measures. Higher security levels necessitate adherence to stricter legal
frameworks and ethical standards to ensure comprehensive protection of sensitive information and systems.
© 2025 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in
whole or in part.
2
, Solution and Answer Guide: Tilley, Systems Analysis and Design, 13e .
Chapter 13: Managing Systems Security
4. How do emerging technologies affect the formulation and enforcement of security policies?
Solution Guidance: Emerging technologies challenge existing security policies by introducing new
vulnerabilities and altering threat landscapes. This dynamic requires continuous evaluation and adaptation
of security policies to encompass protections against threats posed by new technologies, ensuring that
policies remain relevant and effective.
5. How does building a resilient cybersecurity culture enhance the effectiveness of risk management strategies
in system security?
Solution Guidance: Cultivating a resilient cybersecurity culture bolsters risk management strategies by
embedding security awareness and practices into the organizational ethos. This cultural shift enhances the
ability to identify, assess, and mitigate risks, contributing to a more secure and resilient operational
environment.
HANDS-ON PROJECTS
1. Create a simulated cyberattack scenario based on a chosen attacker profile. Conduct a risk assessment for
the scenario, identifying potential vulnerabilities and proposing mitigation strategies.
Solution Guidance: Evaluate the cyberattack scenario’s creativity and realism, the risk assessment’s
depth and thoroughness, and the practicality of proposed mitigation strategies. Consider how well the
student identifies vulnerabilities and develops relevant and actionable mitigation steps.
2. Design a comprehensive security policy for an organization that includes specific sections on backup
strategies. Consider aspects like data criticality, backup frequency, and recovery objectives.
Solution Guidance: Assess the comprehensiveness, clarity, and feasibility of the proposed security
policy. Ensure the policy adequately covers essential aspects such as data criticality, backup frequency, and
recovery objectives and is practical for implementation.
3. Analyze an organization’s security measures across different levels (physical, network, application) and
evaluate their compliance with specific data protection laws.
Solution Guidance: Focus on the depth of analysis across security levels, the accuracy of compliance
with data protection laws, and the insightfulness of observations and recommendations. Evaluate the
student’s ability to thoroughly assess and provide meaningful feedback on an organization’s security
posture.
4. Research an emerging technology (e.g., IoT, blockchain) and draft a section of a security policy that
addresses the unique challenges and security considerations introduced by this technology.
Solution Guidance: Look for thorough research on the technology, innovative approaches to
addressing its unique challenges and security considerations, and how well the policy section integrates into
the broader security policy framework.
5. Develop a program that fosters a security-first mindset among employees and assesses its impact on
reducing identified risks within the organization.
Solution Guidance: Examine the design’s effectiveness in reducing risks, strategies for engaging
employees, and methods proposed for measuring the program’s impact on security awareness and behavior
change. Evaluate the practicality and potential effectiveness of the program in fostering a security-first
culture.
© 2025 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in
whole or in part.
3
