Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning
Expert Solution & Answer
Chapter 2, Problem 5RQ
Explanation of Solution
Purpose of SANS organization:
- SANS stands for SysAdmin, Audit, Network, and Security.
- SANS is a professional research and educational organization dedicated to information and system protection...
Explanation of Solution
SANS organization involved in professional certification:
SANS professionals seek one of its professional Global Information Assurance Certification (GIAC) credentials and will agree t...
Students have asked these similar questions
What is the stated purpose of the SANS organization? In what ways is it involved in professional certification for InfoSec professionals?
A company planned to expand the Information Management & Security faculty of the business organisation and offered you the position of Information Systems & Security Auditor. Your role among other things is to ensure that the organisation’s systems and all IT Infrastructure comply with all known global Information Systems and Security Standards. As a security measure, the organisation is required to ensure that its Information Systems infrastructure, procedures and processes comply, and are properly registered with International Standards organisations like the ISO, among others. The business intends to always ensure that all systems and infrastructure are well protected and have acquired a high level of resilience in the event of a cyberattack of any kind or any act of fraud that may be attempted on the organisation as a prime target either by internal or external perpetrators.
QUESTION 1.1
Based on the above scenario, break down the information security audit function into…
List the components of PKI, then describe each component and its function.
What are certification and accreditation when applied to information systems security management? List and describe at least two certification or accreditation processes.
You've been hired by an investment company with 500 employees to serve as their Information Systems Security Manager. Your first task from the Chief Information Officer is to write a series of policies and procedures as the company has nothing in place.
Where is a good place to start your research?
List at least 3 policies and procedures that you would work on first and explain why these three should be considered early.
Recommend a password policy.
If the C.I.A. triangle is incomplete, why is it so commonly used in security?
Explain what value an automated asset inventory system has for the risk identification process?
Similar questions
- In other words, what is SANS' official goal? What part does it play, more specifically, in the process of certifying professionals in the field of information security?
- Computer Science: Pick one security law that most interests you with an emphasis on the areas that impact information security and assurance. Write a 1 page summary that includes what it is, what is its purpose/relevance, why is it important, who or what it applies to, ramifications if not followed, and impact on information and assurance.
- What does the acronym CISSP stand for? Use the internet to find the ethical guidelines that all CISSP holders must agree to follow.
- Could you please help me with solving this question? Question: Now have a look at how the standard ISO 27002 deals with security requirements in information systems development. This is mostly covered in 14.1, but other parts of section 14 touch on these issues along with other chapters within the standard. Now provide a brief commentary on the adequacy of this material, and also outline whether this material in the standard might alter the key tasks that you would undertake in order to produce the specification of the information security requirements.
- a) Show the hierarchy of the relationship of IEC 62061 to other relevant standards. b) According to IEC 62061, what would the approximate SIL level be, if a risk improvement factor of 1200 is to be achieved? NO HAND WRITING PLEASE
- Explain the security frameworks ISO, NIST, and COBIT. How are they predominantly used? What are their strengths? What are their weaknesses? Are they general or specific? What is a setting (small business, school, home office, etc.) that you would recommend for each of these?
- Submit a security awareness program proposal. It should be a complete, polished artifact containing all of the critical elements. It should reflect the incorporation of feedback. The proposal will consist of the executive summary, communication plan, proposal introduction, policies and procedures, proposed solutions to the security vulnerabilities, and plans to continuously monitor the organization for malicious behaviors.
- Chain Link Consulting is an information technology consulting company that focuses on system security concerns. When the company's president asks you to assist her with the preparation of a presentation for a group of potential clients at a trade show meeting next month, you say "yes." First and foremost, she would like you to examine system security concerns in light of all six security levels. Afterwards, she wants you to come up with a list of methods that Chain Link might use to evaluate a client's security procedures in order to obtain an accurate evaluation of their level of exposure. It was her way of making the situation more intriguing by saying that it was fine to be imaginative in your ideas, but that you should avoid proposing anything that would be unlawful or immoral. Example: It might be OK to pretend to be a job candidate with phony references to see whether they were being reviewed, but it would be inappropriate to steal a lock and access the computer room to check on things. Your…
- What are the primary responsibilities of the CISO, the security manager, and the security technician, respectively?
- What are the key duties that are expected of the Chief Information Security Officer, the Security Manager, and the Security Technician, in that order?
- Imagine that your team has been hired to conduct a review of the information system policies and procedures employed in the student registration department at your school or university. Develop a list of at least 10 specific questions that your team would use to assess the effectiveness of these policies and procedures in reducing mistakes, waste, and costs.
- Imagine that you have been given the responsibility of serving as the JAD session's facilitator. If you were in charge of a JAD session, compile a list of 10 rules and regulations that you would want all of the participants to follow.