Lms Integrated For Mindtap Information Security, 1 Term (6 Months) Printed Access Card For Whitman/mattord's Management Of Information Security, 5th
5th Edition
ISBN: 9781305949454
Author: Michael E. Whitman, Herbert J. Mattord
Publisher: Cengage Learning
Chapter 9, Problem 4RQ
Explanation of Solution
Gold standard in InfoSec practices:
- In InfoSec, two categories of terms are commonly used to describe security practices:
- Standards of due care and due diligence
- Recommended practices or best security practices
- The very best recommended practices are normally referred to as the gold standard.
- The gold standard demonstrates industry leadership, quality, and concern for the protection of information.
Justification:
- The NIST site csrc.nist.gov/groups/SMA/fasp/index.html was used to publish the criteria for the gold standard in InfoSec practices.
- However, this site was archived in August 2015 and is now considered historical information.
- There are currently no published criteria for the gold standard.