Of the professional organizations discussed in this chapter, which is focused on auditing and control? What is the stated purpose of the SANS organization?
What is due care? Why would an organization want to make sure it exercises due care in its usual course of operations?
Use a Web browser connected to the Internet to explore the career options in cybersecurity at the U.S. National Security Agency.
When would be the appropriate time to begin the forensic data collection process to analyze the root cause of this incident? Why?
Which can the computer process faster? Which lowers the costs associated with key management? What is a VPN? Why are VPNs widely used?
What are the main components of cryptology? Explain the relationship between plaintext and ciphertext.
Why do many organizations ban port scanning activities on their internal networks? Why would ISPs ban outbound port scanning by their customers?
What is a DMZ? Is this really a good name for the function that this type of subnet performs? What is RADIUS?
When an organization undertakes an InfoSec-driven review of job descriptions, which job descriptions must be reviewed?
How do the security considerations for temporary or contract workers differ from those for regular employees?
Which two career paths are the most commonly encountered as entrees into the InfoSec discipline? Are there other paths? If so, describe them.
What functions does the security manager perform, and what are the key qualifications and requirements for the position?
What is the rationale for acquiring professional credentials? List and describe the certification credentials available to InfoSec professionals.
In your opinion, who should pay for the expenses of certification? Under what circumstances would your answer be different?
Why shouldn’t you show a job candidate secure areas during interviews? List and describe the types of nonemployee workers often used by organizations.
Write a job description for Iris’s new position, which is described in the following case scenario.
How much should an organization spend on conducting these checks if it interviews dozens of potential employees?
Using the data classification scheme presented, identify and classify the information contained in your personal computer or personal digital.
What is competitive advantage? How has it changed in the years since the IT industry began? What is competitive disadvantage?
What four types of controls or applications can be used to avoid risk? Describe how outsourcing can be used for risk transference.
What is the difference between qualitative measurement and quantitative measurement?
Mike and Iris were reviewing the asset valuation worksheets that had been collected from all the company managers. “Iris,” Mike said after a few minutes.
What is the difference between authentication and authorization? Can a system permit authorization without authentication?
How is an application-layer firewall different from a packet filtering firewall? Why is an application-layer firewall sometimes called a proxy server?
What special function does a cache server perform? Why does this function have value for larger organizations?