TutorialWeek04_Ans - ITC482 Computer Management &...

Tutorial Week 04 - Solutions

Week 04 – Information Security Policy

Review Questions

1. What is information security policy? Why is it critical to the success of the information security program?
Answer: The Information Security Policy sets the strategic direction, scope, and tone for all of an organization’s security efforts. It is important because it helps employees view what an organization wants and where it wants to go and for what reason.

2. Of the controls or countermeasures used to control information security risk, which is viewed as the least expensive? What are the primary costs of this type of control?
Answer: Information Security Policies are the least costly to execute. The primary cost is management’s time and effort.

3. List and describe the three challenges in shaping policy.
Answer: An organization’s policy should never conflict with the law, it must stand up in court when it is challenged, and policy must be properly supported and administered.

4. List and describe the three guidelines for sound policy, as stated by Bergeron and Bérubé.
Answer: "All policies must contribute to the success of an organization" means that a policy should be of proper length to ensure that every scenario is covered. "Management must ensure adequate sharing of responsibility" means that everyone in management should have an equal amount of responsibility to maintain the policy. "End users of information systems should be involved in policy making" means that the end users have different views and might help management understand situations better.

5. Describe the bull’s-eye model. What does it say about policy in the information security program?
Answer: In the bull’s-eye model, policies are on the outside, because policies should deal with every aspect. Then you have networks; this is where the public will most likely attack you. Next come systems, like desktop computers and servers. Then, in the center, you have all your applications. The bull’s-eye model is effective because it starts with policy: if you have good policy, then your networks, systems, and applications will be more secure. After policy, you have your network security, i.e. firewalls, IDS, and so on.

6. Are policies different from standards? In what way?
Answer: Yes, a standard is a more detailed statement of what must be done in order to be measured as in compliance with the policy.

7. Are policies different from procedures? In what way?
Answer: Yes, procedures explain how the employee might act to comply with the policy and to be successfully measured by the standard. In other words, they are the steps that need to be taken so that employees will abide by the policy. They may state activities to be done in addition to the policy.

8.

This note was uploaded on 02/15/2010 for the course ITC 594 taught by Professor Peterdalmaris during the Three '10 term at Charles Sturt University.
