TutorialWeek05_Ans - ITC482 Computer Management Security...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Tutorial Week 05 - Solutions Tutorial Week 05 - Solutions Week 05: Developing the Security Program Review Questions 1. What is an information security program? Answer: An information security program is the structure and organization of the effort that contains risks to the information assets of the organization. 2. What functions constitute a complete information security program? Answer: Risk Assessment, Risk Management, Systems Testing, Policy, Legal Assessment, Incident Response, Planning, Measurement, Compliance, Centralized Authentication, System Security Administration, Training, Network Security Administration, and Vulnerability Assessment. 3. What organizational variables can influence the size and composition of an information security program’s staff? Answer: All of the variables, including culture, size, security personnel budget, and security personnel budget. 4. What is the typical size of the security staff in a small organization? A medium-sized organization? A large organization? A very large organization? Answer: Small – 1 full time/part time manager & up to 2 part time support staff, Medium – 1 full time manager & up to 3 partial support staff, Large – 1-2 full time managers, 3-4 full time admin/techs, 3-4 partial managers, 10-12 partial admin/techs, Very Large – 4-5 full time managers, 10-15 full time admin/techs, 5-10 partial managers, 30-35 partial admin/techs. 5. Where can an organization place the information security unit? Where should (and shouldn’t) it be placed? Answer: In large organizations, it is placed within the information technology department. But if the CIO and CISO contradict with each other, information security and information technology should be kept separate. Therefore, the main options to keep information security in are information technology, security, administrative services, insurance & risk management, strategy & planning, legal, internal audit, help desk, 6. Into what four areas should the information security functions be divided? Answer: Functions performed by non-technical areas of the organization, functions performed by IT staff outside of the information security area of management control, functions performed within the information security department as part of customer service, and functions performed within the information security department as part of a compliance enforcement obligation. 7.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 4

TutorialWeek05_Ans - ITC482 Computer Management Security...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online