Principles of Information Security (MindTap Course List)
6th Edition
ISBN: 9781337102063
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
expand_more
expand_more
format_list_bulleted
Expert Solution & Answer
Chapter 4, Problem 8RQ
Explanation of Solution
Security Framework:
- In cloud
computing, the security framework is a method to make computing free from privacy threats and security risks. - The cloud drive is described as reliability, authentication and confidentiality of private data that have been challenged.
- The cloud account is easily accessible by everyone and at the same time it is more protected.
Management controls:
- Management controls are security processes executed by the security administration of an organization and are designed by strategic planners.
- These security controls reviews and addresses risk management to describe the requirement and scope of legal compliance and set rules for the maintenance of the whole security life cycle.
- It would be applied as piece of the security framework by applying complete instructions for its conduct, as well as address, plan and execute the security scheduling process and security program management.
Operational controls:
- Operational controls management and does lower-level scheduling function that acts with the operational functionality of protection in the organization...
Expert Solution & Answer
Trending nowThis is a popular solution!
Students have asked these similar questions
When developing a plan for security, it is necessary to keep track of three essential
components.
A security control is a specific action or procedure provided to protect confidentiality, integrity and availability of information/systems. Explain information security control with respect to the following: (i) Administrative Controls (ii) Technical or Logical Controls (iii) Physical Controls
During the process of defining a plan and establishing milestones, what kinds of possible security flaws or vulnerabilities could become apparent?
Chapter 4 Solutions
Principles of Information Security (MindTap Course List)
Ch. 4 - Prob. 1RQCh. 4 - Prob. 2RQCh. 4 - Prob. 3RQCh. 4 - Prob. 4RQCh. 4 - Prob. 5RQCh. 4 - Prob. 6RQCh. 4 - Prob. 7RQCh. 4 - Prob. 8RQCh. 4 - Prob. 9RQCh. 4 - Prob. 10RQ
Ch. 4 - Prob. 11RQCh. 4 - Prob. 12RQCh. 4 - Prob. 13RQCh. 4 - Prob. 14RQCh. 4 - Prob. 15RQCh. 4 - Prob. 16RQCh. 4 - Prob. 17RQCh. 4 - Prob. 18RQCh. 4 - Prob. 19RQCh. 4 - Prob. 20RQCh. 4 - Prob. 2ECh. 4 - Prob. 3ECh. 4 - Prob. 4ECh. 4 - Prob. 5ECh. 4 - Prob. 1CEDQCh. 4 - Prob. 2CEDQCh. 4 - Prob. 3CEDQ
Knowledge Booster
Similar questions
- Scenario: As a member of the project team, you have to write an organized and well-structured technical report as per the task below. This top-level information security policy which is a key component of the organizations overall information security management framework and should be considered alongside more detailed information security documentation including, system level security policies, security guidance and protocols or procedures. Task: Enter a short scoping overview of the organization, including those providing or receiving services under contracts that are to be subject to this information security policy. Note: The statement should take account of the Information Governance aims and expectations set out within the Information Security Management: Code of Practice for organizations. Write an Information Security policy for the organization. Note: The aim of this policy is to establish and maintain the security and confidentiality of information, information…arrow_forwardInformation System (IS) is entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization.a) Analyse different phases of Security Systems Development Life Cycle.arrow_forwardDifferentiate between the two types of security architecture you've selected by explaining, contrasting, and comparing them.arrow_forward
- Developing a security architecture for a big company has been left to you. Plan out what gear and software you'll need to set up a safe network before you begin. Explain why you choose a certain component. The component described in the previous phase should be included in a diagram depicting a possible architecture (a). Include a description of your design's architecture, as well as the locations of various components.arrow_forwardObjectives Develop questions to gain further insight and help get the client and tester on the same page Create a sample scope for an security assessment Create and revise Rules of Engagement for the test Overview You were given a Request For Proposal (RFP) but it seems to be lacking enough details to determine what the client is requesting for a test. We will need to come up with some information and questions to discuss with the client to determine what exactly they are wanting. This will allow both the client and the tester to be on the same page prior to beginning any assessment. We will be building a Scope and Rules of Engagement (ROE) to determine what is in scope and the document that outlines specifics of the project and how it will occur. Below are some of the key points pulled from the RFP that was lacking a lot of details: The test is for CIT-E Corp with 2,000 employees located throughout the United States They want a penetration test from either an outside company or…arrow_forwardReaders should be able to grasp various security management concepts and principles if they are presented in detail.arrow_forward
- Under the Common Criteria, which term describes the user-generated specifications for security requirements? Security Functional Requirements (SFRs) Security Target (ST) Protection Profile (PP) Target of Evaluation (ToE)arrow_forwardKeeping track of three essential components is necessary when developing a security plan.arrow_forwardList at least five components of security goalsarrow_forward
- 1- to 2-page Security Assessment Plan Worksheet Wk 3 – Assignment Template Security Assessment Plan Worksheet Using the Assignment Scenario, complete the following worksheet. Description of VulnerabilitySecurity Control Number and NameSecurity Control TypeSystem Categorization for Risk Level ImpactLast Assessment InformationAssetAssessment MethodPolicy Alignment<Describe the vulnerability><List the Security Control name and number><Common, System-Specific, Hybrid><High, moderate, or low><Identify any security assessments from the past><Describe the asset that will be tested><Identify at least one way you can test this asset><Indicate what security policy aligns with the asset>arrow_forwardCreate a timeline that will detail how the week of pen testing will be conducted, the frequency of reporting, and the form of documentation of results that will be submitted. This should include a 1-page explanation of daily, weekly, and monthly security steps that the company should implement along with an explanation of how they will be implemented and what they will achievearrow_forwardMake sure you submit your proposal for a security education program. Artifacts that have been finished and polished are supposed to have all their parts. The input that was used to create it should be reflected in its final form. The proposal will include an executive summary, a communication plan, an introduction, the proposal's policies and procedures, the proposal's main body, the proposal's main body, the policies and procedures, the recommended remedies to security weaknesses, and the strategies to constantly monitor the company for hostile conduct.arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,