How is it superior to the previous approach for the certification and accreditation of federal IT systems?
What is the Capability Maturity Model Integrated (CMMI), and which organization is responsible for its development? What is systems accreditation?
Describe the recommended process for the development of InfoSec measurement program implementation.
According to Gerald Kovacich, what are the critical questions to be kept in mind when developing a measurements program?
When choosing recommended practices, what limitations should you keep in mind? What are the NIST-recommended documents that support the process of baselining?
What is a recommended security practice? What is a good source for finding such recommended practices?
Will the use of the NIST SP that Iris has identified to create a “To Do” list create a customized and repeatable InfoSec program for the company?
Compare the ISO/IEC 27001 outline with the NIST documents discussed in this chapter. Which areas, if any, are missing from the NIST documents?
What is the common name for NIST SP 800-14? What is the document’s purpose? What resources does it provide?
What is COSO, and why is it important? Search the Internet for the term “Treadway Commission.”
What is COBIT? Who is its sponsor? What does it accomplish? What are the two primary advantages of NIST security models?
What is an alternative model to the BS 7799 model (and its successors)? What does it include? What are the documents in the ISO/IEC 27000 series?
Identify at least two approaches used to categorize access control methodologies. List the types of controls found in each.
What is an InfoSec blueprint? What is a security model? How might an InfoSec professional use a security model? What is access control?
How is a changing U.S. state privacy law likely to affect an organization like RWW? What other laws affect privacy in the workplace?
Design five security posters on various aspects of InfoSec using a graphics presentation program and clipart.
What are the costs of the advertised security-specific training? Network certification? General computer training?
What are the various delivery methods for training programs? List the steps in a seven-step methodology for implementing training.
Which of the SETA program’s three elements—education, training, and awareness—is the organization best prepared to provide itself?
What are the elements of a security program, according to NIST SP 800-14? InfoSec positions can be classified into what three areas?
What can influence the effectiveness of a training program? What are some of the various ways to implement an awareness program?
Where should an InfoSec unit be placed within an organization? Where shouldn’t it be placed?
What organizational variables can influence the size and composition of an InfoSec program’s staff?
Prior to the first meeting of the RWW Enterprise Policy Review Committee, Mike asked Iris to meet him in his office.
Search your institution’s intranet or Web sites for its security policies. Do you find an enterprise security policy?