Write between 400 to 600 words for each of the short-essay questions. All questions are of equal value.

Write between 400 to 600 words for each of the short-essay questions. All questions are of equal value. You should provide credible references for each question according to the Faculty of Business guidelines.Question 1Discuss the different categories that can be used for sensitive information. When designing a system, how do you determine how many categories are necessary? Are there downsides to systems with too many or too few categories?Question 2Describe a scenario where the best security architecture would be the Brewer-Nash model. Give reasons why this would be the best and discuss if other models would be suitable.Question 3Make a list of information security metrics that could be collected for a small internet commerce company with ten employees. The company uses an outside vendor for packaging and distribution. To whom should the metrics be reported?Question 4Identify threats to the information security of a small internet commerce company with ten employees. This company uses an outside vendor for its order fulfillment. Once the list of threats has been generated, assign a likelihood score to each threat.Question 5Research the Microsoft risk management approach and write a report describing each of the four phases in the security risk management process. Make a list of questions or concerns you may have with the described approach.Question 6Discuss the difficulty in estimating the probability of a threat or attack occurring. Describe methods that can be used to make these estimates?RationaleThis assessment item is designed to test your understanding of ICT management and information security topics and issues. It is also to test your ability to write coherently and knowledgeable in these areas.