Information Security Chap 4 Review


1. What is risk management? Why is the identification of risks, by listing assets and their vulnerabilities, so important to the risk management process?
Risk management is the process of identifying risk, as represented by vulnerabilities, to an organization’s information assets and infrastructure, and taking steps to reduce this risk to an acceptable level. Each of the three elements in the C.I.A. triangle, introduced in Chapter 1, is an essential part of every IT organization’s ability to sustain long-term competitiveness. When an organization depends on IT-based systems to remain viable, information security and the discipline of risk management must become an integral part of the ...

This means identifying, examining, and understanding the threats facing the organization. You must determine which threat aspects most directly affect the security of the organization and its information assets, and then use this information to create a list of threats, each one ranked according to the importance of the information assets that it threatens.
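The identification step described above (list assets, attach their vulnerabilities and the threats that exploit them, then rank threats by the importance of the assets they threaten) can be carried out as a small scoring exercise. The following Python block is an added illustration written for this page, not the textbook's own worksheet or formula; the valuation criteria, their weights, and every asset, vulnerability and threat in it are constructed sample data.

```python
"""Asset valuation and threat ranking (added example, constructed data)."""
from dataclasses import dataclass

# Assumed valuation criteria and weights; they must sum to 1.0.
CRITERIA = {"revenue_impact": 0.5, "profitability_impact": 0.3, "public_image": 0.2}


@dataclass
class Asset:
    name: str
    scores: dict  # criterion name -> score in 0..100

    def importance(self) -> float:
        """Weighted-factor score: sum of weight * score over all criteria."""
        assert abs(sum(CRITERIA.values()) - 1.0) < 1e-9, "weights must sum to 1"
        return sum(CRITERIA[c] * self.scores[c] for c in CRITERIA)


@dataclass
class Vulnerability:
    asset: str        # which asset is exposed
    threat: str       # which threat category could exploit it
    description: str  # what the weakness is


def rank_assets(assets):
    """Assets ordered from most to least important."""
    return sorted(assets, key=lambda a: a.importance(), reverse=True)


def rank_threats(assets, vulns):
    """Rank each threat by the summed importance of the assets it threatens.

    Returns a list of (threat, total_importance) pairs, highest first;
    ties are broken alphabetically so the order is deterministic.
    """
    importance = {a.name: a.importance() for a in assets}
    totals = {}
    for v in vulns:
        totals[v.threat] = totals.get(v.threat, 0.0) + importance[v.asset]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


def vulnerabilities_for(threat, vulns):
    """The asset/weakness pairs a given threat could exploit, for the report."""
    return [(v.asset, v.description) for v in vulns if v.threat == threat]


# Constructed sample inventory (not real systems).
ASSETS = [
    Asset("customer-db", {"revenue_impact": 100, "profitability_impact": 90, "public_image": 100}),
    Asset("web-server", {"revenue_impact": 80, "profitability_impact": 60, "public_image": 70}),
    Asset("hr-fileshare", {"revenue_impact": 20, "profitability_impact": 30, "public_image": 80}),
    Asset("test-vm", {"revenue_impact": 5, "profitability_impact": 10, "public_image": 5}),
]

# Constructed vulnerability list: one row per (asset, threat) exposure.
VULNS = [
    Vulnerability("customer-db", "software attack", "unpatched DBMS"),
    Vulnerability("web-server", "software attack", "unpatched web application"),
    Vulnerability("web-server", "hardware failure", "single disk, no redundancy"),
    Vulnerability("hr-fileshare", "human error", "overly broad share permissions"),
    Vulnerability("customer-db", "human error", "shared administrator account"),
    Vulnerability("test-vm", "hardware failure", "aged hardware"),
]

if __name__ == "__main__":
    for a in rank_assets(ASSETS):
        print(f"{a.name:14s} importance={a.importance():6.1f}")
    for threat, total in rank_threats(ASSETS, VULNS):
        print(f"{threat:18s} total={total:6.1f} via {vulnerabilities_for(threat, VULNS)}")
```

With the constructed scores, the customer database ranks first (97.0), and "software attack" tops the threat list (169.0) because it threatens the two most important assets; changing the weights in `CRITERIA` reorders the list, which is why the weights should be agreed with management before the ranking is used.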

3. Who is responsible for risk management in an organization? Which community of interest usually takes the lead in information security risk management?
Each community of interest has a role to play in managing the risks that an organization encounters. Because the members of the information security community best understand the threats and attacks that introduce risk into the organization, they often take a leadership role in addressing risk. Management and users, when properly trained and kept aware of the threats the organization faces, play a part in the early detection and response process. Management must also ensure that sufficient resources (money and personnel) are allocated to the information security and information technology groups to meet the security needs of the organization. Users work with the systems and the data and are therefore well positioned to understand the value these information assets offer the organization and which assets among the many in use are the most valuable. The information technology community of interest must build secure systems and operate them safely. For example, IT operations ensure good backups to control the risk from hard drive failures. The IT community can provide both valuation and threat perspectives to management during the risk management process. All of the communities of interest must work together to address all levels of risk, which range from disasters that can devastate the whole organization to the smallest employee mistakes.

4. In risk management strategies, why must periodic review be a part of the process?
It is essential that all three communities of interest conduct periodic management reviews. The first focus of management review is asset inventory. On a regular basis, management must verify the completeness and accuracy of the asset inventory. In addition, organizations must review and verify the threats to and vulnerabilities in the asset inventory, as well as the current controls and mitigation strategies. They must also review the cost effectiveness of each control and revisit the decisions on deployment of controls. Furthermore, managers at all levels must regularly verify the ongoing effectiveness of every control deployed. For example, a sales manager might assess control procedures by walking through the office before the workday starts, picking up all the papers from every desk in the sales department. When the workers show up, the manager could inform them that a fire had been simulated and all of their papers destroyed, and that each worker must now follow the disaster recovery procedures to assess the...
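The two review tasks named above, verifying that the asset inventory is complete and accurate and confirming that each deployed control is still being maintained, can be partly automated. The Python block below is an added example for this page, not code from the textbook; the review interval, the inventory entries, the control names and the "discovered hosts" list are all constructed, and a real check would take the discovered list from the organization's own discovery or scanning tool.

```python
"""Periodic review checks for an asset inventory (added example, constructed data)."""
from datetime import date, timedelta

REVIEW_INTERVAL = timedelta(days=90)  # assumed review cadence

# Constructed inventory: per asset, when it was last reviewed and when each
# control applied to it was last verified as working.
INVENTORY = {
    "customer-db": {
        "last_reviewed": date(2024, 1, 15),
        "controls": {"backup": date(2024, 3, 1), "patching": date(2023, 11, 2)},
    },
    "web-server": {
        "last_reviewed": date(2024, 3, 20),
        "controls": {"waf": date(2024, 3, 20)},
    },
    "old-print-server": {"last_reviewed": date(2023, 6, 1), "controls": {}},
}

# Constructed host list, as a network discovery export might provide it.
DISCOVERED = {"customer-db", "web-server", "dev-box-7"}


def unregistered_assets(inventory, discovered):
    """Hosts seen on the network that the inventory does not know about."""
    return sorted(discovered - set(inventory))


def unseen_assets(inventory, discovered):
    """Inventory entries that discovery no longer finds (possibly retired)."""
    return sorted(set(inventory) - discovered)


def overdue(inventory, as_of, interval=REVIEW_INTERVAL):
    """(asset, item) pairs whose last review or control check is older than interval.

    The item is "asset-review" for the entry itself, otherwise the control name.
    """
    result = []
    for name, entry in sorted(inventory.items()):
        if as_of - entry["last_reviewed"] > interval:
            result.append((name, "asset-review"))
        for control, verified in sorted(entry["controls"].items()):
            if as_of - verified > interval:
                result.append((name, control))
    return result


def review_report(inventory, discovered, as_of):
    """Combine the three checks into one report for the review meeting."""
    return {
        "unregistered": unregistered_assets(inventory, discovered),
        "unseen": unseen_assets(inventory, discovered),
        "overdue": overdue(inventory, as_of),
    }


if __name__ == "__main__":
    for key, value in review_report(INVENTORY, DISCOVERED, date(2024, 4, 1)).items():
        print(f"{key}: {value}")
```

Run as of 2024-04-01, the report flags `dev-box-7` as an unregistered host, `old-print-server` as an inventory entry that discovery no longer sees, and two overdue items: the patching control on the customer database and the review of the print server itself. Each of those is exactly the kind of finding the text says management must verify on a regular basis.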
