as? What are the differences among them?
Answer: Three areas: 1. Those that define – they provide policies, guidelines and standards, 2. Those that build – there are technical people who create and install security solutions, and 3. Those that administer – they operate and administrate the security tools.

Which of the SETA program's three elements is the organization best prepared to offer? Which should it consider outsourcing?
Answer: Security awareness is the element organizations are best prepared to offer, and even though some organizations do have in-house security training, a lot of the time they outsource security training.

What is an information security framework? How does it relate to the information security blueprint?
Answer: The information security framework is the outline of the blueprint, which is the basis for design, selection, and implementation of all subsequent security controls, including information security policies, security education and training programs, and technological controls.

What is the standard of due care? How does it relate to due diligence?
Answer: The standard of due care is when an organization adopts minimum levels of security for a legal defense; they may need to show that they have done what any prudent organization would do in similar circumstances. Failure to support a standard of due care or due diligence can open an organization to legal liability, provided it can be shown that the organization was negligent in its application or lack of application of information protection.

What is benchmarking? What is baselining? How do they differ?
Answer: Benchmarking is looking at what other organizations have done and comparing it to yourself. Baselining is a value or profile of a performance metric against which changes in the performance metric can be usefully compared. Benchmarking is comparing to other companies while baselining is comparing to your own company.

What is risk management? List and describe the key areas of concern for risk management.
Answer: Risk management is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be controlled or mitigated. Areas = Risk identification, risk assessment, and risk control.

What value would an automated asset inventory system have for the risk identification process?
Answer: An automated asset inventory system would be valuable to the risk identification process because all hardware components are already identified – make and models, locations – thus management can review for the most critical items and assess the...
