Principles of Information Security (Chapter 5)

Description

How To Plan For Security.
sisandambodlela
Flashcards by sisandambodlela, updated more than 1 year ago
sisandambodlela
Created by sisandambodlela over 9 years ago
903
0

Resource summary

Question Answer
Where can a security administrator go to find information on established security frameworks? A security administrator can look to the Information Technology- Code of Practice for Information Security Management, ISO 17799/BS 7799 as well as ISO 17799/BS 7799, the NIST Security Models including the SP 800-12, 14, 18, 26, and 30, and the VISA International Security Model are just a few of the established security frameworks available.
What are the inherent problems with ISO 17799, and why hasn't the U.S. adopted it? What are the recommended alternatives? The problems include:  The global information security community has not defined any justification for a code of practice as identified in the ISO/IEC 17799.  ISO/IEC 1799 lacks “the necessary measurement precision of a technical standard.”  There is no reason to believe that ISO/IEC 17799 is more useful than any other approach currently available.  ISO/IEC 17799 is not as complete as other frameworks available.  ISO/IEC 17799 is perceived to have been hurriedly prepared given the tremendous impact its adoption could have on industry information security controls. The recommended alternative is to use the many documents available from the Computer Security Resource Center of the National Institute for Standards and Technology. These documents are publicly available at no charge, and have been available for some time and therefore have been broadly reviewed by government and industry professionals.
What benefit can a private, for-profit agency derive from best practices designed for federal agencies? Private organization can take advantage of best practices designed for federal agencies by adapting many of the same methodologies and practices into its own organization. These best practices can facilitate an organization by helping them piece together the desired outcome of the security process, and therefore work backwards to an effective design.
Who is ultimately responsible for managing a technology? Who is responsible for enforcing policy that affects the use of a technology? Senior Management. Everyone in a supervisory position.
What are the five elements of a business impact analysis? The five elements of a business impact analysis are: a. Threat attack identification b. Business unit analysis c. Attack success scenario development d. Potential damage assessment e. Subordinate plan classification
Show full summary Hide full summary

Similar

Cultural Studies
Emily Fenton
Chemistry GCSE
frimpongr
AQA A2 Biology Unit 4: Populations
Charlotte Lloyd
Astronomy Practice Quiz
cbruner
Compensation and Benefits PHR Study Guide
Cari Hawthorne
PHR and SPHR Practice Questions
Elizabeth Rogers8284
An Inspector Calls Revision Notes
Noor Sohail
The Changing Natural Environment Part 2
R S
World War II Notebook
jenniferfish2014
Phân tích thiết kế hướng đối tượng
Bùi Phi
VO QUALI uni wien
Jules D