Write a job description for Iris’s new position, which is described in the following case scenario.
How much should an organization spend on conducting these checks if it interviews dozens of potential employees?
Using the data classification scheme presented, identify and classify the information contained in your personal computer or personal digital.
What is competitive advantage? How has it changed in the years since the IT industry began? What is competitive disadvantage?
What four types of controls or applications can be used to avoid risk? Describe how outsourcing can be used for risk transference.
What is the difference between qualitative measurement and quantitative measurement?
Mike and Iris were reviewing the asset valuation worksheets that had been collected from all the company managers. “Iris,” Mike said after a few minutes.
What is the difference between authentication and authorization? Can a system permit authorization without authentication?
How is an application-layer firewall different from a packet filtering firewall? Why is an application-layer firewall sometimes called a proxy server?
What special function does a cache server perform? Why does this function have value for larger organizations?
What is the difference between an asset’s ability to generate revenue and its ability to generate profit?
Which information attribute is often of great value for networking equipment when Dynamic Host Configuration Protocol (DHCP) is not used?
Why do networking components need more examination from an InfoSec perspective than from a systems development perspective?
Which community of interest usually provides the resources used when undertaking information asset risk management?
Why is identification of risks, through a listing of assets and their vulnerabilities, so important to the risk management process?
Based on what you know about ISO 27000 program certification, what are the major steps of the process Maria will have to oversee?
How is it superior to the previous approach for the certification and accreditation of federal IT systems?
What is the Capability Maturity Model Integrated (CMMI), and which organization is responsible for its development? What is systems accreditation?
Describe the recommended process for the development of InfoSec measurement program implementation.
According to Gerald Kovacich, what are the critical questions to be kept in mind when developing a measurements program?
When choosing recommended practices, what limitations should you keep in mind? What are the NIST-recommended documents that support the process of baselining?
What is a recommended security practice? What is a good source for finding such recommended practices?
Will the use of the NIST SP that Iris has identified to create a “To Do” list create a customized and repeatable InfoSec program for the company?
Compare the ISO/IEC 27001 outline with the NIST documents discussed in this chapter. Which areas, if any, are missing from the NIST documents?
What is the common name for NIST SP 800-14? What is the document’s purpose? What resources does it provide?