Question1. What does the Supreme Court of Canada say about the role that an organization’s computer use policy and practices may play in the assessment of whether there is a reasonable expectation of privacy in a work laptop computer where employees are permitted to use the laptop computer for personal matters? What do you recommend to an organization should be done to address this situation?
Question2. You are the IT systems security manager. The CEO just called you. Your company has suffered a cyber breach in which company data has been encrypted using strong encryption. Without the operational data the company cannot continue to operate. The criminals demand that the company pay a ransom of 5 bitcoin in 48 hours. What should the organization do to mitigate the risks? What is your advice to the CEO on whether to pay the ransom and what factors support your advice?