What conditions must be met to ensure that risk acceptance has been used properly? B. Discuss the concept of an organisation’s competitive advantage against competitors and how it has evolved over the years with the ongoing development of the IT industry. C. Explain why networking components need more examination from an information security perspective than from a systems development perspective. Why must this practice be periodically reviewed? D. With the aid of a diagram, discuss the contingency planning hierarchy. E. What is the DMZ? Discuss whether this is a good name for the function that this type of subnet performs.

What conditions must be met to ensure that risk acceptance has been used properly? B. Discuss the concept of an organisation’s competitive advantage against competitors and how it has evolved over the years with the ongoing development of the IT industry. C. Explain why networking components need more examination from an information security perspective than from a systems development perspective. Why must this practice be periodically reviewed? D. With the aid of a diagram, discuss the contingency planning hierarchy. E. What is the DMZ? Discuss whether this is a good name for the function that this type of subnet performs.

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter11: Security Maintenance

Section: Chapter Questions

Problem 2DQ

See similar textbooks

Similar questions

Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement security policy for an organization. Answer the following questions regarding SAMM: How do organizations generally deploy SAMM Model? Is SAMM a descriptive model or prescriptive model? Write the rationale behind your answer.
How precisely can a security framework help in the planning and implementation of a security infrastructure? As compared to other forms of governance, information security governance stands out due to its unique characteristics. Is there a person or group inside the company who should be responsible for making contingency plans?
How does the role of a Security Consultant integrate with that of a Systems Architect in ensuring project robustness?
Explain in your own words why it is important to design information security into applications during each phase of the SDLC.
The following case studies illustrate how a security framework could be useful during the planning and execution phases. Just how does it work, you ask, this IT governance stuff? To whom do the responsibilities of preparation for organization belong?
An effective security infrastructure may benefit from a security framework, but in what ways? Specifically, what are the key distinctions between information security governance and other kinds of administration in this regard? Who in the firm should be in charge of devising such a strategy?
Who should determine the information security function's organisational placement? Why?
The final step in the security risk assessment process is to _____. a. assess the feasibility of implementing each of the identified mitigation measures b. decide whether or not to implement particular countermeasures c. create a chart that identifies loss events, their frequency, and their monetary costs d. analyze the costs and benefits of various countermeasures
How precisely can a security framework help in the planning and implementation of a security infrastructure? The degree to which information security governance departs from conventional forms of management is what sets it apart. Is there a person or group inside the company who should be responsible for making contingency plans?
After reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario. Discussion Questions Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that? How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance? Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?
A security framework may help with the design and implementation of a security infrastructure, but how? What are the main differences between information security governance and other forms of government in this area? Exactly who inside the company should be tasked with coming up with plans for such an event?
How can a security framework aid in security infrastructure design and implementation? Information security governance is unique. Should someone in the organization organize such an event?