Chapter02 - 1 Information security is a management problem...

1. Information security is a management problem rather than a technology problem because managing information security has more to do with policy and its enforcement than with the technology of its implementation. Management can address information security in terms of business impact and the cost of business interruption, rather than focusing on security as a technical problem.

2. Certainly data is the most important asset that any organization has, whether data in motion or data at rest, because without data an organization loses its record of transactions and its ability to deliver value to its customers. Other assets include physical assets, such as computers and other hardware, and digital assets, such as developed software and electronically archived documents.

3. Research indicates that data has three states: in motion, at rest, and in use. Accordingly, data should also be protected in the third state. The most difficult state of all to protect is data in motion, because once it leaves the organization it is no longer under the organization's control and, consequently, it might be intercepted and stolen.

4. A threat is an object, person, or other entity that represents a constant danger to an asset, while an attack exists only when a specific act may cause a loss (unlike threats, which are always present). The two terms overlap at the specific time of the attack, when the threat becomes real (like a fire breaking out) and then the attack happens (the servers are on fire).

5. As stated by the SA body of knowledge, this practice of dual controls is the implementation of the “separation of privileges” principle, which states that “When feasible, a protection mechanism should require two keys to unlock, rather than one”. This practice prevents human error because one person might make an error while the other

This note was uploaded on 10/06/2010 for the course ITSE 1345 taught by Professor Ward during the Spring '08 term at Dallas Colleges.
