EBK MANAGEMENT OF INFORMATION SECURITY
6th Edition
ISBN: 9780357752869
Author: WHITMAN
Publisher: CENGAGE CO
Question
Chapter 4, Problem 9RQ
Program Plan Intro
An information security policy defines the organization's set of rules for security purposes.
- It helps employees understand what the organization requires, how to complete the target, and where it wants to reach.
- It helps to manage data access, web-browsing behaviors, password usage and encryption, email attachments, etc.
- It is designed to provide structure in the workplace and create a productive and effective workplace.
- It is free from unnecessary distractions.