TutorialWeek04_Ans - ITC482 Computer Management Security...

ITC482 – Computer Management & Security Tutorial Week 04 - Solutions

Week 04 – Information Security Policy

Review Questions

1. What is information security policy? Why is it critical to the success of the information security program?
Answer: The Information Security Policy sets the strategic direction, scope, and tone for all of an organization’s security efforts. It is important because it helps employees view what an organization wants and where it wants to go and for what reason.

2. Of the controls or countermeasures used to control information security risk, which is viewed as the least expensive? What are the primary costs of this type of control?
Answer: Information Security Policies are the least costly to execute. The primary cost is management’s time and effort.

3. List and describe the three challenges in shaping policy.
Answer: An organization’s policy should never conflict with the law, it must stand up in court when it is challenged, and policy must be properly supported and administered.

4. List and describe the three guidelines for sound policy, as stated by Bergeron and Bérubé.
Answer: "All policies must contribute to the success of an organization" means that a policy should be of proper length to ensure that every scenario is covered. "Management must ensure adequate sharing of responsibility" is saying that everyone in management should have an equal amount of responsibility to maintain the policy. "End users of information systems should be involved in policy making" means that the end users have different views and might help management understand situations better.

5. Describe the bull’s-eye model. What does it say about policy in the information security program?
Answer: In the bull’s-eye model, policies are on the outside, because policies should deal with every aspect. Then you have networks; here is where the public will most likely attack you. Next come systems, like desktop computers and servers. Then, in the center, you have all your applications. The bull’s-eye model is effective because it starts with policy: if you have good policy, then your networks, systems, and applications will be more secure. After policy, you have your network security, i.e. firewalls, IDS, stuff like that.

6. Are policies different from standards? In what way?
Answer: Yes, a standard is a more detailed statement of what must be done in order to be measured as being in compliance with the policy.

7. Are policies different from procedures? In what way?