EBK MANAGEMENT OF INFORMATION SECURITY
6th Edition
ISBN: 9780357752869
Author: WHITMAN
Publisher: CENGAGE CO
Question
Chapter 8, Problem 2E
Program Plan Intro
ISO/IEC 27001:
- ISO/IEC 27001 is a specification for an information security management system (ISMS), established in 2005 to make security practices better and more efficient.
- An information security management system is a framework of rules and events that contains all the technical, legal and physical controls involved in a company's information risk management processes.
NIST:
- NIST refers to the "National Security Telecommunications and Information Systems Security Committee" document. This document offers a complete model for information security.
- It calls for documenting performance measurements in a standard format to guarantee the repeatability of the measurement collection, development, customization and reporting activities.
Explanation of Solution
Strengths of NIST programs compared to the ISO:
- One of the main strengths of NIST is the abundance of documentation, which can be used to build a strong information security environment.
- This framework helps in prioritizing the high risks that the organization faces.
- This framework helps an organization focus on actual risks first and deal with less critical risks later.
- This framework emphasizes a risk-based method by employing the best practices from already recognized frameworks like COBIT, ISO and many such...