Questions and Answers of Management Information Systems
What is the typical size of the security staff in a small organization? A medium sized organization? A large organization? A very large organization?
What organizational variables can influence the size and composition of an InfoSec program’s staff?
What functions constitute a complete InfoSec program?
What is an InfoSec program?
List and describe the three approaches to policy development presented in this chapter. In your opinion, which is best suited for use by a smaller organization and why? If the target organization
List and describe the two general groups of material included in most SysSP documents.
List and describe three common ways in which ISSP documents are created and/or managed.
What should be the first component of an ISSP when it is presented? Why? What should be the second major component? Why?
List and describe three functions that the ISSP serves in the organization.
List and describe four elements that should be present in the EISP.
To what degree should the organization’s values, mission, and objectives be integrated into the policy documents?
What is the purpose of a SysSP?
What is the purpose of an ISSP?
What is the purpose of an EISP?
List and describe the three types of InfoSec policy as described by NIST SP 800-14.
Is policy considered static or dynamic? Which factors might determine this status?
For a policy to have any effect, what must happen after it is approved by management? What are some ways to accomplish this?
In what way are policies different from procedures?
In what way are policies different from standards?
Describe the bull’s-eye model. What does it say about policy in the InfoSec program?
List and describe the three guidelines for sound policy, as stated by Bergeron and Bérubé.
List and describe the three challenges in shaping policy.
Of the controls or countermeasures used to control InfoSec risk, which is viewed as the least expensive? What are the primary costs of this type of control?
Which types of organizations might use a unified continuity plan? Which types of organizations might use the various contingency planning components as separate plans? Why?
What is a business impact analysis, and what is it used for?
What is a business continuity plan, and why is it important?
List and describe two rapid-onset disasters. List and describe one slow-onset disaster.
What is a disaster recovery plan, and why is it important to the organization?
What criteria should be used when considering whether or not to involve law enforcement agencies during an incident?
What is an incident damage assessment? What is it used for?
List and describe several containment strategies given in the text. On which tasks do they focus?
What is an alert roster? What is an alert message? Describe the two ways they can be used.
List and describe the actions that should be taken during an incident response.
List and describe the IR planning steps.
List and describe the sets of procedures used to detect, contain, and resolve an incident.
List and describe the criteria used to determine whether an actual incident is occurring.
Define the term “incident” as used in the context of IRP. How is it related to the concept of incident response?
List and describe the teams that perform the planning and execution of the CP plans and processes. What is the primary role of each?
List the seven-step CP process recommended by NIST.
According to some reports, what percentage of businesses that do not have a disaster plan go out of business after a major loss?
Which two communities of interest are usually associated with contingency planning? Which community must give authority to ensure broad support for the plans?
What is the name for the broad process of planning for the unexpected? What are its primary components?
What term is used to describe the control measure that reduces security incidents among members of the organization by familiarizing them with relevant policies and practices in an ongoing manner?
What term is used to describe the provision of rules intended to protect the information assets of an organization?
What name is given to the process of assigning a comparative risk rating to each specific information asset? What are the uses of such a rating?
What questions might be asked to help identify and classify information assets? Which is the most important question to ask?
What name is given to an attack that makes use of viruses and worms? What name is given to an attack that does not actually cause damage other than wasted time and resources?
How can a vulnerability be converted into an attack?
What is the difference between a threat and an attack?
What is a threat in the context of InfoSec? What are the 12 categories of threats presented in this chapter?
What is the primary objective of the SecSDLC? What are its major steps, and what are the major objectives of each step?
How does the SecSDLC differ from the more general SDLC?
Describe top-down strategic planning. How does it differ from bottom-up strategic planning? Which is usually more effective in implementing security in a large, diverse organization?
What are the five basic outcomes that should be achieved through InfoSec governance?
What should a board of directors recommend as an organization’s InfoSec objectives?
What is InfoSec governance?
What is strategy?
Who are stakeholders? Why is it important to consider their views when planning?
What are the three common levels of planning?
What is planning? How does an organization determine if planning is necessary?
How do PERT/CPM methods help to manage a project?
List and describe the various approaches to task sequencing.
What is a work breakdown structure (WBS) and why is it important?
Name and very briefly describe some of the manual and automated tools that can be used to help manage projects.
What are the three planning parameters that can be adjusted when a project is not being executed according to plan?
What are the nine areas that make up the component processes of project management?
How can security be both a project and a process?
Why are project management skills important to the InfoSec professional?
Define “project management.” Why is project management of particular interest in the field of InfoSec?
What are the three types of general planning? Define each.
What are the characteristics of management based on the method described in the text as the “popular approach” to management? Define each characteristic.
How are leadership and management similar? How are they different?
What is management and what is a manager? What roles do managers play as they execute their responsibilities?
Define the InfoSec processes of identification, authentication, authorization, and accountability.
What is the definition of “privacy” as it relates to InfoSec? How is this definition different from the everyday definition? Why is this difference significant?
Describe the CNSS security model. What are its three dimensions?
What is the importance of the C.I.A. triangle? Define each of its components.
What is information security? What essential protections must be in place to protect information systems from danger?
List and describe the three communities of interest that engage in an organization’s efforts to solve InfoSec problems. Give two or three examples of who might be in each community.
What happens if you lose your NFC-enabled smartphone or it is stolen? How do you protect your personal information?
1. Describe the advantages that Swipely offers merchants that help it maintain a competitive advantage in the marketplace. 2. Refer back to Chapter 2. Does Swipely function as a strategic information
1. What are the advantages, if any, of the Nok Nok process over strong passwords? 2. Does the security burden fall primarily on the user? On the company that the user is doing business with? On both?
Assume you are interested in buying a car. You can find information about cars at numerous Web sites. Access five of them for information about new and used cars, financing, and insurance. Decide
Compare the various electronic payment methods. Specifically, collect information from the vendors cited in the chapter, and find additional vendors using google.com. Pay attention to security level,
Access www.theknot.com. Identify the site’s revenue sources.
Why might the U.S. government object to Skybox Imaging’s business? Provide specific examples in your answer.
Might other nations object to Skybox Imaging’s business? If so, which ones, and why?
Describe why wireless communications were critical to the success of the 2014 Winter Olympic Games. Provide specific examples to support your answer.
What other potential problems did Avaya have to consider that were not mentioned in this case? Provide specific examples to support your answer.
Describe several advantages of the network for the villagers.
Describe several advantages of the network for the Indonesian government.
What other uses for iBeacon can you think of?
Other than privacy concerns, what are other possible disadvantages of the iBeacon app? Provide specific examples to support your answer.
Describe how RFID technology can generate increased customer satisfaction.
What are potential disadvantages to implementing RFID technology in a retailer such as Marks & Spencer?
Why did Marks & Spencer initially deploy RFID technology on a limited basis? In your opinion, was this the correct strategy? Why or why not? Be specific.
Access various search engines to find articles about the “Internet of Things.” What is the “Internet of Things”? What types of technologies are necessary to support it? Why is it important?
1. Describe how Republic Wireless and FreedomPop can be disruptive to the major U.S. cellular service providers. 2. What actions should the major cellular service providers take to combat Republic and
Explain why mobile ads are so effective on Facebook. Provide specific examples to support your answer.
1. Why are yield management systems so important to the producers of Broadway shows? Hint: What is the value of an unsold seat once the curtain goes up? 2. Describe potential disadvantages of
Showing 400 - 500 of 1006