
1. How can a security framework assist in the design and implementation of a sec

ID: 3557886 • Letter: 1

Question

1. How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it?

2. Where can a security administrator find information on established security frameworks?

3. What is the ISO 27000 series of standards? Which individual standards make up the series?

4. What are the inherent problems with ISO 17799, and why hasn't the United States adopted it? What are the recommended alternatives?

5. What documents are available from the NIST Computer Resource Center, and how can they support the development of a security framework?

6. What benefit can a private, for-profit agency derive from best practices designed for federal agencies?

7. What Web resources can aid an organization in developing best practices as part of a security framework?

8. Briefly describe management, operational, and technical controls, and explain when each would be applied as part of a security framework.

9. What are the differences between a policy, a standard, and a practice? What are the three types of security policies? Where would each be used? What type of policy would be needed to guide use of the Web? E-mail? Office equipment for personal use?

10. Who is ultimately responsible for managing a technology? Who is responsible for enforcing policy that affects the use of a technology?

11. What is contingency planning? How is it different from routine management planning? What are the components of contingency planning?

12. When is the IR plan used?

13. When is the DR plan used?

14. When is the BC plan used? How do you determine when to use the IR, DR, and BC plans?

15. What are the five elements of a business impact analysis?

16. What are Pipkin's three categories of incident indicators?

17. What is containment, and why is it part of the planning process?

18. What is computer forensics? When are the results of computer forensics used?

19. What is an after-action review? When is it performed? Why is it done?

20. List and describe the six continuity strategies identified in the text.

Explanation / Answer

1)

A security framework provides a better view of the security strategies. It gives a clear idea of how to implement security in an organization. Using various frameworks, the suitable strategies can be extracted and implemented. The framework provides a road map for the changes to be made, so by using a framework, the tasks to be performed and the changes required can be assessed. It makes the security plan easier.

Information security governance is the process of handling various security measures. It involves safeguarding information and providing security for information by applying various policies and procedures. It includes ensuring security; the respective tasks must be monitored to ensure security.

The top management, involving executives or managers of the organization, must plan for information security governance. They must ensure that the tasks are being implemented and accomplished properly.

2)

A security administrator can look to the Information Technology Code of Practice for Information Security Management (ISO 17799/BS 7799), the NIST security models including SP 800-12, 14, 18, 26, and 30, and the VISA International Security Model; these are just a few of the established security frameworks available.

3)

The ISO 27000 series of standards:

Standard | Status  | Title or topic                                                       | Comment
27000    | planned | Series overview and terminology                                      | Defines terminology and vocabulary for the standard series.
27001    | 2005    | Information security management                                      | Drawn from BS 7799:2
27002    | 2007    | Code of practice for information security management                 | Renamed from ISO/IEC 17799, drawn from BS 7799:1
27003    | planned | Information security management systems implementation guidelines    | Expected in 2008
27004    | planned | Information security measurements and metrics                        | Expected in 2008
27005    | planned | ISMS risk management                                                 | Expected in 2008 or later
27006    | 2007    | Requirements for bodies providing audit and certification of an ISMS | Largely intended to support the accreditation of certification bodies providing ISMS certification.

The individual standards that make up the series are:

ISO 27000

ISO 27003

ISO 27004

ISO 27005

4)

The problems include: