TutorialWeek06_Ans - ITC482 Computer Management &...

Tutorial Week 06 - Solutions

Week 06: Security Management Models and Practices

Review Questions

1. What is an information security framework? How does it relate to the information security blueprint?

Answer: The information security framework is the outline of the blueprint, which is the basis for design, selection, and implementation of all subsequent security controls, including information security policies, security education and training programs, and technological controls.

2. What is a security model? How might an information security professional use such a model?

Answer: A security model is a generic blueprint offered by a service organization. For example, it can be used as an ISO standard by an information security professional.

3. Which information security model evolved from the BS 7799 model? What does it include?

Answer: ISO/IEC 17799. The security model has ten sections to give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization.

4. What is an alternative model to the BS 7799 model (and its successors)? What does it include?

Answer: BS 7799 Part 2. The security model provides implementation details using a Plan-Do-Check-Act cycle.

5. How many sections does the ISO/IEC 17799 include? What is the first of these sections?

Answer: Ten sections. The first section is “Organizational Security Policy.”

6. What is the COBIT? Who is its sponsor? What does it accomplish?

Answer: COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT was created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI) in 1992. COBIT enables clear policy development and good practice for IT control throughout organizations.

This note was uploaded on 02/15/2010 for the course ITC 594 taught by Professor Peterdalmaris during the Three '10 term at Charles Sturt University.
