Created by sisandambodlela
over 9 years ago
|
||
Question | Answer |
Where can a security administrator go to find information on established security frameworks? | A security administrator can look to the Information Technology- Code of Practice for Information Security Management, ISO 17799/BS 7799 as well as ISO 17799/BS 7799, the NIST Security Models including the SP 800-12, 14, 18, 26, and 30, and the VISA International Security Model are just a few of the established security frameworks available. |
What are the inherent problems with ISO 17799, and why hasn't the U.S. adopted it? What are the recommended alternatives? | The problems include: The global information security community has not defined any justification for a code of practice as identified in the ISO/IEC 17799. ISO/IEC 1799 lacks “the necessary measurement precision of a technical standard.” There is no reason to believe that ISO/IEC 17799 is more useful than any other approach currently available. ISO/IEC 17799 is not as complete as other frameworks available. ISO/IEC 17799 is perceived to have been hurriedly prepared given the tremendous impact its adoption could have on industry information security controls. The recommended alternative is to use the many documents available from the Computer Security Resource Center of the National Institute for Standards and Technology. These documents are publicly available at no charge, and have been available for some time and therefore have been broadly reviewed by government and industry professionals. |
What benefit can a private, for-profit agency derive from best practices designed for federal agencies? | Private organization can take advantage of best practices designed for federal agencies by adapting many of the same methodologies and practices into its own organization. These best practices can facilitate an organization by helping them piece together the desired outcome of the security process, and therefore work backwards to an effective design. |
Who is ultimately responsible for managing a technology? Who is responsible for enforcing policy that affects the use of a technology? | Senior Management. Everyone in a supervisory position. |
What are the five elements of a business impact analysis? | The five elements of a business impact analysis are: a. Threat attack identification b. Business unit analysis c. Attack success scenario development d. Potential damage assessment e. Subordinate plan classification |
Want to create your own Flashcards for free with GoConqr? Learn more.