Management Of Information Security
Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning,
Question
Chapter 1, Problem 6E
Program Plan Intro

Security policy:

  • A security policy defines an organization’s security requirements.
  • It provides controls and consents needed for meeting requirements.
  • A security policy is a well written document in an organization giving the guidelines to how to protect the organization from threats.
  • It includes computer security threats, and how to handle situations when they do occur.
  • A good security policy must identify all of a company's assets as well as all the potential threats to those assets.
  • The employees of the company need to be kept updated on the company's security policies.
  • The policies themselves should also be updated regularly.

Failure in identifying threats:

  • The failure in identification of threats is a good sign.
  • The detailed investigation of threats is required in this case.
  • The threats may be in different fields shown below:
    • Economic trends:
      • It denotes research over economy in an area.
      • The notion of economic shifts over market.
    • Market trends:
      • The change in market conditions.
      • The new upcoming trends that may hurt the company.
      • The amount of competition in market.
    • Funding changes:
      • It denotes decrease in grants annually.
      • It checks whether this decrease may hurt company’s economy.
    • Government regulations:
      • It denotes checking of any new regulations that may hurt company.
      • It may sense the kind of damage that can happen.
  • After a detailed research over identification of threats, if nothing is been found then that may denote a positive escalation.

Blurred answer
Students have asked these similar questions
What is the difference between passive and active security threats? List and briefly define categories of passive and active security  attacks.
What is it that differentiates an aggressive security attack from a passive security assault? Here are some of the reasons why active attacks provide a larger risk than passive ones. Provide concrete examples to substantiate the statements you've made.
Hi, I need to answer this question. The name of the book is "Hacker Techniques, Tools, and Incident Handling 3e". Thank you.   Question 2: What are the differences between social engineering and other types of attacks?
Knowledge Booster
Recommended textbooks for you
  • Management Of Information Security
    Computer Science
    ISBN:9781337405713
    Author:WHITMAN, Michael.
    Publisher:Cengage Learning,
    Principles of Information Security (MindTap Cours...
    Computer Science
    ISBN:9781337102063
    Author:Michael E. Whitman, Herbert J. Mattord
    Publisher:Cengage Learning
    Fundamentals of Information Systems
    Computer Science
    ISBN:9781337097536
    Author:Ralph Stair, George Reynolds
    Publisher:Cengage Learning
  • Principles of Information Systems (MindTap Course...
    Computer Science
    ISBN:9781305971776
    Author:Ralph Stair, George Reynolds
    Publisher:Cengage Learning
    MIS
    Computer Science
    ISBN:9781337681919
    Author:BIDGOLI
    Publisher:Cengage
  • Management Of Information Security
    Computer Science
    ISBN:9781337405713
    Author:WHITMAN, Michael.
    Publisher:Cengage Learning,
    Principles of Information Security (MindTap Cours...
    Computer Science
    ISBN:9781337102063
    Author:Michael E. Whitman, Herbert J. Mattord
    Publisher:Cengage Learning
    Fundamentals of Information Systems
    Computer Science
    ISBN:9781337097536
    Author:Ralph Stair, George Reynolds
    Publisher:Cengage Learning
    Principles of Information Systems (MindTap Course...
    Computer Science
    ISBN:9781305971776
    Author:Ralph Stair, George Reynolds
    Publisher:Cengage Learning
    MIS
    Computer Science
    ISBN:9781337681919
    Author:BIDGOLI
    Publisher:Cengage