Planning for Security

John Moura

Chapter 2: Planning for Security

Review Questions

1. Describe the essential parts of planning. How does the existence of resource constraints affect the need for planning?

Answer: Organizational planning, described below, and Contingency planning, which focuses on planning for unforeseen events. Organizations must be able to forecast their needs relative to available resources as best they can to ensure the best decision making.

2. What are the three common layers of planning? How do they differ?

Answer: Strategic – lays out long-term goals, Tactical – more short-term focus, Operational – daily and ongoing operation goals.

3. Who are the stakeholders? Why is it important
3) Logical Design - Team members create and develop a blueprint for security, and examine and implement key policies.

4) Physical Design - Team members evaluate the technology needed to support the security blueprint, generate alternative solutions, and agree upon a final design.

5) Implementation - The security solutions are acquired, tested, implemented, and tested again.

6) Maintenance - Once the information security program is implemented, it must be operated, properly managed, and kept up to date by means of established procedures.

12. What is a threat in the context of information security? How many categories of threats exist as presented in this chapter?

Answer: Compromises in intellectual property. 12

13. What is the difference between a threat and an attack?

Answer: Threats are areas where there is potential for an attack. An attack is an act or event that exploits those vulnerabilities.

14. How can vulnerability be converted into an attack? What label would we give to the entity that performs this transformation?

Answer: Threat agent. Back doors, brute force, buffer overflow, etc.

15. What name is given to an attack that makes use of viruses and worms? What name is given to an attack that does not actually cause damage other than wasted time and resources?