1. When law enforcement becomes involved, the need may arise to freeze systems as part of the evidence. There is also the likelihood that the incident will become known publicly. Do you think these issues play a significant part in the decision to involve law enforcement? Why or why not? Can you name some situations in which you believe that large organizations have decided not to involve law enforcement?
2. What kind of user training should be conducted to deal with the issue of noise? How do you strike a balance between being overwhelmed with false positives and the danger of ignoring true incidents? What effects would false positives have on an organization? Make sure to cite your sources.