6.1. You are convinced that the security maintenance of the department's informationinfrastructure needs to receive the attention of the minister. Given that the minister is new inhis position, list and briefly describe to the minister the five domains of the general securitymaintenance model. Study the scenario and complete the question(s) that follow:Security Maintenance ModelSome government officials are known to be complacent when it comes to the management ofgovernment institutions and systems. However, you have been hired as the Information SecurityManager in the Department of Finance and you are to be reporting directly to the Minister of Financewho has been newly deployed in this position. You are fully conscient that this is a very key department|and so is the department's information systems management in terms of security maintenance.Source: Kambale W.v. (2021)

the five domains of the general security maintenance model. >Outer observing: The part of the…

You are convinced that the security maintenance of the department's information infrastructure needs to receive the attention of the minister. Given that the minister is new in his position, list and briefly describe to the minister the five domains of the general security maintenance model.

You are convinced that the security maintenance of the department's information infrastructure needs to receive the attention of the minister. Given that the minister is new in his position, list and briefly describe to the minister the five domains of the general security maintenance model.

Database System Concepts

7th Edition

ISBN:9780078022159

Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Chapter1: Introduction

Section: Chapter Questions

Problem 1PE

See similar textbooks

Similar questions

Information security program development and implementation is not a simple process, but it is an absolutely essential and on-going process; particularly if your organization is responsible for maintaining the integrity, availability, and confidentiality of customer information or business-critical data. Explain TWO approaches with the help of a valid diagram to Information Security Implementation in any organization.
Using the phases of the information security services life cycle as the basis of yourargument:1. Discuss the importance of this life cycle in the security product.2. Justify the reasons it must be included in the organisation’s informationsecurity program.3. Use suitable examples in your discussion and justification.
Answer the given question with a proper explanation and step-by-step solution. 1. What member of an organization should decide where the information security function belongs within theorganizational structure? Why? 2. List and describe the options for placing the information security function within the organization. Discussthe advantages and disadvantages of each option. 3. For each major information security job title covered in the chapter, list and describethe key qualifications and requirements for the position. 4. What factors influence an organization’s decisions to hire information security professionals? 5. Prioritize the list of general attributes that organizations seek when hiring information securityprofessionals. In other words, list the most important attributes first. Use the list you developed to answerthe previous review question. 6. What are critical considerations when dismissing an employee? Do they change accord- ing to whether thedeparture is friendly or…
C. List the components of PKI, then describe each component and its function. What are certification and accreditation when applied to information systems security management? List and describe at least two certification or accreditation processes. You've been hired by an investment company with 500 employees to serve as their Information Systems Security Manager. Your first task from the Chief Information Officer is to write a series of policies and procedures as the company has nothing in place. Where is a good place to start your research? List at least 3 policies and procedures that you would work on first and explain why these three should be considered early. Recommend a password policy. If the C.I.A. triangle is incomplete, why is it so commonly used in security? Explain what value an automated asset inventory system has for the risk identification process?
PurposeThis course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.Learning Objectives and OutcomesSuccessful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:Evaluate compliance laws relevant to the U.S. Department of Defense.Assess policy frameworks appropriate for an organization in a given scenario.Evaluate security controls and standards for the seven domains of a typical IT infrastructure.Develop DoD-compliant policies for an organization’s IT infrastructure.Required Source Information and ToolsWeb References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on January 4, 2022. The following tools and resources will be needed to complete this…
PurposeThis course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.Learning Objectives and OutcomesSuccessful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:Evaluate compliance laws relevant to the U.S. Department of Defense.Assess policy frameworks appropriate for an organization in a given scenario.Evaluate security controls and standards for the seven domains of a typical IT infrastructure.Develop DoD-compliant policies for an organization’s IT infrastructure.Required Source Information and ToolsWeb References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on January 4, 2022. The following tools and resources will be needed to complete this…
Book title: Cybersecurity Essentials - Charles J. Brooks Chapter 1 - Infrastructure security in the Real world From the information provided in the second scenario, consider the NIST functions detailed in this section and then write what to observe as they relate to each category. 1. Inventory creation sample of physical assets (devices and systems) within the organization (NIST ID.AM-1)? 2. Inventory creation sample of cyber assets (software platforms and applications) within the organization (NIST ID.AM-2). 3. Prioritize the organization’s assets based on their criticality or value to the business functions of the organization (NIST ID.BE-3). 4. Identify any assets that produce dependencies or provide critical functions for any of the organization’s critical services (NIST ID.BE-4).Create a risk assessment of asset vulnerabilities identified (NIST ID.RA-1, 3). (Refer to screenshot for reference)
When attempting to convince someone of anything, it is helpful to provide instances. This section devotes a lot of attention to traditional personnel practises, as well as the controls and integration with information security principles that make it possible for such practises to play a part in the information security function.
For this assignment you will provide security advice for a fictional stakeholder. Assume that you are a cybersecurity consultant that has been brought on board to provide industry best practices. This means that your advice should not rely on your personal opinion, nor on the personal opinion of others. Seek out sources for INDUSTRY best practices - which means using a security framework. Use NIST (800-53). Do NOT prescribe specific technologies or products. Keep it platform neutral. For example, IA-4 calls for Identifier Management, which is solved with the following advice. "Use a centrally managed user repository with individual user IDs based on employee ID, but use aliases for email and IM accounts. This way customers and co-workers can identify contact information for employees, but username remains semi-confidential " The scenario: We need to set up a secure virtual boardroom. Our security people have found the following OSA (open-source architecture) pattern for what we need,…
Book title: Cybersecurity Essentials - Charles J. Brooks Chapter 1 - Infrastructure security in the Real world From the information provided in the second scenario, consider the NIST functions detailed in this section and then write what to observe as they relate to each category. 2. Inventory creation sample of cyber assets (software platforms and applications) within the organization (NIST ID.AM-2). 3. Prioritize the organization’s assets based on their criticality or value to the business functions of the organization (NIST ID.BE-3). 4. Identify any assets that produce dependencies or provide critical functions for any of the organization’s critical services (NIST ID.BE-4).Create a risk assessment of asset vulnerabilities identified (NIST ID.RA-1, 3). (Refer to screenshot for reference)
You have suggested the use of the National Training Standard for Information Security Professional (NTSIS) / CNSS security model, also known as the McCumbers cube. - Using a University as an example, discuss the three dimensions of the said CNSS Security model, giving a brief explanation of each of the 27 cells in the model
Chain Link Consulting is an information technology consulting company that focuses on system security concerns. When the company's president asks you to assist her with the preparation of a presentation for a group of potential clients at a trade show meeting next month, you say "yes." First and foremost, she would like you to examine system security concerns in light of all six security levels. Afterwards, she wants you to come up with a list of methods that Chain Link might evaluate a client's security procedures in order to obtain an accurate evaluation of their level of exposure.It was her way of making the situation more intriguing by saying that it was fine to be imaginative in your ideas, but that you should avoid proposing anything that would be unlawful or immoral. Example: It might be OK to pretend as a job candidate with phony references to see whether they were being reviewed, but it would be inappropriate to steal a lock and access the computer room to check on things.Your…