Principles Of Information Security 7th Edition Michael E. Whitman, Herbert J. Mattord - Solutions
Identify and assess threats for individual organizations. Understand how much danger a threat possesses to information assets. Determine how probable and severe a threat is to an organization.
Explain how we can determine the relative risk for each of the vulnerabilities through a process called risk assessment. Discuss risk assessment, which assigns a risk rating or score to each information asset, which is useful in gauging the relative risk to each vulnerable information asset and
Explain how mitigation is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation. Explain how mitigation begins with early detection of an attack in progress and relies on the ability of the organization to respond
Explain how after identifying and performing the preliminary classification of an organization’s information assets, the analysis phase examines the threats facing the organization. Emphasize how each threat must be examined to assess its potential impact on the organization. This is referred to
Explain there are alternative approaches to risk management, including international and national standards and methodologies from industry-leading organizations.
Define the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method.
Explain how Factor Analysis of Information Risk (FAIR) can help organizations understand, analyze, and measure information risk. Discuss the four major stages of the FAIR methodology, which consist of 10 steps in four stages.
Discuss how the International Organization for Standardization (ISO) has standards related to information security and risk management.
Determine how to select the best risk management model.
Recall this attribute as one where the ownership or control of information has legitimacy or authorization. Assess the scenario where a breach of possession does not always equate to a breach of confidentiality.
Establish an understanding that each organization develops and maintains its own unique culture and values. Recall that a community of interest is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization
Apply knowledge that these professionals are aligned with an information security’s community of interest. Review the fact that their goal is to protect an organization’s information and stored information from internal and external attacks.
Identify the fact that information is authentic when it is given to a user in the same state that it was created, placed, stored, or transferred. Evaluate the example of e-mail spoofing and how messages sent look authentic on the surface but are, in fact, not.
Examine the usefulness of information and how it can be applied for an end purpose.
Compare and contrast the different types of software that are used to digitally operate an information system. These include applications or programs, operating systems, and assorted command utilities. Justify the core reason that software is used is to carry information through an organization.
Recall that data that is stored, processed, and/or transmitted must be protected as it is the most valuable asset an organization possesses. Gain awareness that the protection of physical information is just as important as the protection of electronic information.
Establish that people are often the weakest link of an information system since they provide direction, design, develop, and ultimately use and game them to operate in the business world.
Recall that procedures are written instructions that are created to accomplish a specific task or action. Recognize that they provide the foundation for technical controls and security systems that must be designed so they can be implemented.
Recall that everyone does not have carte blanche access to all data that is transmitted, processed, or stored within or outside an organization. Comprehend that security is never an absolute as it is a process and not a goal. Interpret that security is a delicate balance between protection and
Compare and contrast the different positions that are part of an implementation for an information security program. The Chief Information Officer (CIO) is the senior technology officer of an organization and provides guidance to the owner or CEO strategic planning that affects information
Examine that the Chief Information Officer (CIO) is the senior technology officer although other titles such as vice president of information, VP of information technology, and VP of systems may also be used. The CIO is primarily responsible for advising the chief executive officer, president, or
True or False: Network security addresses the issues needed to protect items, objects, or areas.
Comprehend and define the following security terms and concepts: Access: Asset: Attack: Control, safeguard, or countermeasure: Exploit: Exposure: Loss: Risk: Subjects and objects of attack: Threat: Threat agent: Threat event: Threat
Which type of security addresses the protection of all communications media, technology, and content? a. Information b. Network c. Physical d. Communication
Recognize that when a characteristic of information changes, the value of that information may increase but more so decreases. Comprehend and define the following security terms and concepts: confidentiality, personally identifiable information (PII), integrity, availability, accuracy, authenticity,
Which type of security encompasses the protection of voice and data networking components, connections, and content? a. Information b. Network c. Physical d. Communication
Define the purpose of confidentiality and the measures that must be in place to protect information. Information classification; Securely storing documents; Applying general security policies and protocols; Educating information custodians and end users. Analyze common reasons confidentiality breaches
What term is used to describe the quality or state of ownership or control of information? a. Confidentiality b. Possession c. Authenticity d. Integrity
True or False: If information has a state of being genuine or original and is not a fabrication, it has the characteristic of authenticity.
Define the concept of availability and how it allows users to access information without restriction in their required formats.
When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow which approach? a. Executive-led b. Trickle down c. Top-down d. Bottom-up
________ ensures that only users with the rights, privileges, and need to access information are able to do so. a. Confidentiality b. Enhanced credentials c. Software engineers d. Awareness
True or False: The person responsible for the storage, maintenance, and protection of the information is the data custodian.
Which critical characteristic of information discussed is one that focuses on the fact when information stored, transferred, created, or placed is in the same state as it was received? a. Utility b. Possession c. Accuracy d. Authenticity
Which of the following examines the behavior of individuals as they interact with systems, whether societal systems or information systems? a. Community science b. Social science c. Societal science d. Interaction management
Gain an understanding that to have a full understanding of the importance of an information system, one must have an awareness of what all is included within it. Review the six most common elements of an information system. Software; Hardware; Data; People; Procedures; Networks
Classify that this part of an information system is the physical technologies that house and execute software, stores and transports data, and provides an interface for entry and removal of information within it. Acquire an understanding of the concept of physical security and its importance to an
Acknowledge the fact that modern information processing systems are highly complex and rely on numerous internal and external connections. Conclude that networks are the highway in which information systems pass data and users complete their tasks on a daily basis. Justify that proper network
Analyze components that make up security as a program and the professionals who are tasked with maintaining it within an organization.
Compare and contrast the two most commonly used approaches to information security implementation: bottom-up and top-down. Bottom-up approaches implement security policies and/or policies from the ground up where system administrators are responsible for improving the security of the system. A
Review the core team members of an information security project team and their specific role: Champion: Team leader: Security policy developers: Risk assessment specialists: Security professionals: Systems administrators: End users:
Recognize that these individuals are often a team of IT managers and skilled professionals in a number of areas: systems design, programming, and networks at a minimum. Establish an understanding their goals do not always align with the information security community based on an organization’s
Analyze that this group of persons in an organization are often other managers and professionals who are consumers of information being secure.
Gain an understanding that the implementation of information security has often been described as a combination of art and science due to the complex nature of information systems. Discuss the concept of a “security artisan” and explain how it is based on the way individuals see technologists as
Establish an understanding that technologies that are developed are enacted by highly trained computer scientists and engineers who are required to operate at rigorous levels of performance. Conclude that specific scientific conditions often cause virtually all actions that occur in a computer