Questions and Answers of Management Information Systems
What is a DMZ? Is this really a good name for the function that this type of subnet performs?
How does screened-host firewall architecture differ from screened-subnet firewall architecture? Which offers more security for the information assets that remain on the trusted network?
What is the most effective biometric authorization technology? Why?
What is the most widely accepted biometric authorization technology? Why?
What is the difference between authentication and authorization? Can a system permit authorization without authentication? Why or why not?
How does Microsoft define “risk management”? What phases are used in its approach?
What is the OCTAVE Method? What does it provide to those who adopt it?
What is the difference between qualitative measurement and quantitative measurement?
What is the difference between organizational feasibility and operational feasibility?
What is the difference between benchmarking and baselining?
What is single loss expectancy? What is annual loss expectancy?
What is the difference between intrinsic value and acquired value?
What is a cost-benefit analysis?
What conditions must be met to ensure that risk acceptance has been used properly?
Describe how outsourcing can be used for risk transference.
What four types of controls or applications can be used to avoid risk?
Describe residual risk.
Describe the strategy of acceptance.
Describe the strategy of mitigation.
Describe the strategy of transferal.
Describe the strategy of defense.
What is competitive advantage? How has it changed in the years since the IT industry began?
Examine the simplest risk formula presented in this chapter. What are its primary elements?
Describe the TVA worksheet. What is it used for?
What are vulnerabilities?
How many threat categories are listed in this chapter? Which is noted as being the most frequently encountered, and why?
How many categories should a data classification scheme include? Why?
Which is more important to the information asset classification scheme, that it be comprehensive or that it be mutually exclusive?
When you document procedures, why is it useful to know where the electronic versions are stored?
Which information attribute is often of great value for networking equipment when Dynamic Host Configuration Protocol (DHCP) is not used?
Which information attributes are seldom or never applied to software elements?
In risk management strategies, why must periodic reviews be a part of the process?
Which community of interest usually provides the resources used when undertaking information asset risk management?
Which community of interest usually takes the lead in information asset risk management?
Who is responsible for risk management in an organization?
According to Sun Tzu, what two things must be achieved to secure information assets successfully?
Why is identification of risks, through a listing of assets and their vulnerabilities, so important to the risk management process?
List and describe the key areas of concern for risk management.
What is risk management?
What is the new Risk Management Framework initiative? How is it superior to the previous approach for the certification and accreditation of federal IT systems?
What industry standard requires system certification? How is this certification enforced?
What is systems certification?
What is systems accreditation?
What is the Capability Maturity Model Integrated (CMMI), and which organization is responsible for its development?
Why is a simple list of measurement data usually insufficient when reporting InfoSec measurements?
Describe the recommended process for the development of InfoSec measurement program implementation.
List and describe the fields found in a properly and fully defined performance measurement.
What is a performance target, and how is it used in establishing a measurement program?
What is a recommended security practice? What is a good source for finding such recommended practices?
What is information security policy? Why is it critical to the success of the InfoSec program?
Why should continuity plans be tested and rehearsed?
What are the three categories of InfoSec controls? How is each used to reduce risk for the organization?
What is a values statement? What is a vision statement? What is a mission statement? Why are they important? What do they contain?
List and describe the five steps of the general problem-solving process.
What factors are critical to the success of an InfoSec performance program?
According to Gerald Kovacich, what are the critical questions to be kept in mind when developing a measurements program?
What types of measures are used for InfoSec management measurement programs?
What is a performance measurement in the context of InfoSec management?
What are the NIST-recommended documents that support the process of baselining?
What is baselining? How does it differ from benchmarking?
When choosing recommended practices, what limitations should you keep in mind?
When selecting recommended practices, what criteria should you use?
What is the standard of due care? How does it relate to due diligence?
What is benchmarking?
What is COSO, and why is it important?
What is the common name for NIST SP 800-30? What is the document’s purpose? What resources does it provide?
What are the common names for NIST SP 800-53 and NIST SP 800-53A? What is the purpose of each document? What resources do they provide?
What is the common name for NIST SP 800-14? What is the document’s purpose? What resources does it provide?
What is the common name for NIST SP 800-12? What is the document’s purpose? What resources does it provide?
What are the two primary advantages of NIST security models?
What is COBIT? Who is its sponsor? What does it accomplish?
What are the documents in the ISO/IEC 27000 series?
What is an alternative model to the BS 7799 model (and its successors)? What does it include?
Which international InfoSec standards have evolved from the BS 7799 model? What do they include?
What is a data classification model? How is data classification different from a clearance level?
What is a mandatory access control?
Identify at least two approaches used to categorize access control methodologies. List the types of controls found in each.
What are the key principles on which access control is founded?
What are the essential processes of access control?
What is access control?
How might an InfoSec professional use a security model?
What is a security model?
What is an InfoSec blueprint?
What is an InfoSec framework?
When developing an awareness program, what priorities should you keep in mind?
List the steps in a seven-step methodology for implementing training.
What are the various delivery methods for training programs?
How does training differ from education? Which of the two is offered to a larger audience with regard to InfoSec?
Which of the SETA program’s three elements (education, training, and awareness) is the organization best prepared to provide itself? Which should it consider outsourcing?
What is the purpose of a SETA program?
Describe the two overriding benefits of education, training, and awareness.
InfoSec positions can be classified into what three areas? Describe each briefly.
What are the elements of a security program, according to NIST SP 800-14?
Which two NIST documents largely determine the shape of an InfoSec program? Which other documents can assist in this effort?
What are some of the various ways to implement an awareness program?
What can influence the effectiveness of a training program?
What are the three areas of a SETA program?
What are the roles that an InfoSec professional can assume?
Into what four areas should the InfoSec functions be divided?
Where should an InfoSec unit be placed within an organization? Where shouldn’t it be placed?