What is COSO, and why is it important? Search the Internet for the term “Treadway Commission.”
What is COBIT? Who is its sponsor? What does it accomplish? What are the two primary advantages of NIST security models?
What is an alternative model to the BS 7799 model (and its successors)? What does it include? What are the documents in the ISO/IEC 27000 series?
Identify at least two approaches used to categorize access control methodologies. List the types of controls found in each.
What is an InfoSec blueprint? What is a security model? How might an InfoSec professional use a security model? What is access control?
How is a changing U.S. state privacy law likely to affect an organization like RWW? What other laws affect privacy in the workplace?
Design five security posters on various aspects of InfoSec using a graphics presentation program and clipart.
What are the costs of the advertised security-specific training? Network certification? General computer training?
What are the various delivery methods for training programs? List the steps in a seven-step methodology for implementing training.
Which of the SETA program’s three elements—education, training, and awareness—is the organization best prepared to provide itself?
What are the elements of a security program, according to NIST SP 800-14? InfoSec positions can be classified into what three areas?
What can influence the effectiveness of a training program? What are some of the various ways to implement an awareness program?
Where should an InfoSec unit be placed within an organization? Where shouldn’t it be placed?
What organizational variables can influence the size and composition of an InfoSec program’s staff?
Prior to the first meeting of the RWW Enterprise Policy Review Committee, Mike asked Iris to meet him in his office.
Search your institution’s intranet or Web sites for its security policies. Do you find an enterprise security policy?
List and describe the two general groups of material included in most SysSP documents. List and describe the three approaches to policy development.
List and describe the teams that perform the planning and execution of the CP plans and processes. What is the primary role of each?
What options will Iris have if she finds an IT strategic objective that she thinks would reduce the security of RWW’s information assets?
What is the name for the broad process of planning for the unexpected? What are its primary components?
Review your Problem Evaluation Paper. Select one of your possible solutions for the problem you identified.
Define the term “incident” as used in the context of IRP. How is it related to the concept of incident response?
Describe the two ways they can be used. List and describe several containment strategies given in the text. On which tasks do they focus?
What criteria should be used when considering whether or not to involve law enforcement agencies during an incident?
What is a business continuity plan, and why is it important? What is a business impact analysis, and what is it used for?