Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning,
expand_more
expand_more
format_list_bulleted
Concept explainers
Question
Chapter 5, Problem 6RQ
Program Plan Intro
- The information security program defines structure and format of controlling the risks related to the information security of a company or an organization.
- This program includes all objectives, planning and policies of the information security.
- It includes three principles namely, confidentiality, integrity and availability.
Functions of a complete InfoSec program:
- A complete InfoSec program includes different functions like, risk management, risk assessment, system testing, policy, legal assessment, training and many others.
- Risk management implements the controls to reduce the threats.
- Risk assessment identifies or predicts the threats in the technology or system.
- Policy promotes the policies related to information security.
- Planning method includes creation, maintenance and monitoring of the plans related to information security.
- Measurement predicts the risks using the existing systems or technologies.
- Legal assessment includes all the legal issues related to company.
- System testing check for vulnerabilities like hackers and attackers and secures the new technologies from the unauthorized users.
- InfoSec program includes some other functions like centralized authentication, system security administration, network security administration, incident response, vulnerability assessment and many others.
Expert Solution & Answer
Trending nowThis is a popular solution!
Students have asked these similar questions
On each of the fourteen main NCS projects, a thorough remark should be provided.
What is the process through which SaaS operates? Could you kindly elaborate on what you mean?
Discuss the sense and sensibility of the various reorganizations of the DHS. What are the positive and negative aspects of the current incarnation considering previous structures? please cite
Chapter 5 Solutions
Management Of Information Security
Ch. 5 - Prob. 1RQCh. 5 - Prob. 2RQCh. 5 - Prob. 3RQCh. 5 - Prob. 4RQCh. 5 - Prob. 5RQCh. 5 - Prob. 6RQCh. 5 - Prob. 7RQCh. 5 - Prob. 8RQCh. 5 - Prob. 9RQCh. 5 - Prob. 10RQ
Ch. 5 - Prob. 11RQCh. 5 - Prob. 12RQCh. 5 - Prob. 13RQCh. 5 - Prob. 14RQCh. 5 - Prob. 15RQCh. 5 - Prob. 16RQCh. 5 - What are the 10 areas that make up the component...Ch. 5 - Prob. 18RQCh. 5 - Prob. 19RQCh. 5 - Prob. 20RQCh. 5 - Prob. 1ECh. 5 - Prob. 2ECh. 5 - Prob. 3ECh. 5 - Prob. 5ECh. 5 - Prob. 6ECh. 5 - Prob. 1DQCh. 5 - What are the advantages and disadvantages to...Ch. 5 - Prob. 1EDM
Knowledge Booster
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.Similar questions
- When should you use the generalising, overfitting, and underfitting procedures, and what precisely is the difference between these three approaches?arrow_forwardWhat is the most important phase of the SDLC, and can you support it with at least two circumstances or examples?arrow_forwardPlanning is the last step in the SDLC. Is it truthful or untrue to say this?arrow_forward
- What are the roles of the approval committee during the different SDLC phases ?arrow_forwardEven though seven are specified by the OSI reference model, this is not typically the case. There is no point in trying to employ fewer layers if it is not necessary. Is it dangerous to have fewer management levels?arrow_forwardWhat is the SDLC? What names are given to various phases?arrow_forward
- Why is it important to establish metrics for security in defining requirements ? what would happen if thete were no metrics established ?arrow_forwardIn what ways can you explain the following? With any basic example throughout SDLC.arrow_forwardWhat is the most crucial phase in the SDLC, and can you back it up with at least two situations or examples??arrow_forward
- Which step of the SDLC is the most crucial, and can you please specify with at least two instances or scenarios?arrow_forwardWhat Information Security responsibilities would you provide to a smaller organization with three full-time and two or three part-time roles? Among the departments is InfoSec. Name the departmental tasks that may be contracted out. Function distribution:arrow_forwardRead the image first then answer the following question: Question: Which stakeholders should be involved during the process of determining the requirements of TAMS?arrow_forward
arrow_back_ios
SEE MORE QUESTIONS
arrow_forward_ios
Recommended textbooks for you
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,