CIS_Quiz4 - CIS410 Quiz#4 1 Define IT security management A process used to achieve and maintain appropriate levels of confidentiality integrity

CIS410 Quiz #4

1. Define IT security management.
A process used to achieve and maintain appropriate levels of confidentiality, integrity, availability, accountability, authenticity, and reliability.

2. List the three fundamental questions IT security management tries to address.
a) What assets do we need to protect?
b) How are those assets threatened?
c) What can we do to counter those threats?

3. List the steps in the process used to address the three fundamental questions.
Plan, do, check, act.

4. List some of the key national and international standards that provide guidelines on IT security management and risk assessment.
ISO13335, ADSD06, SASN04, SA04, and NIST02.

5. List and briefly describe the four steps in the iterative security management process.
Plan – Establish security policy, processes and procedures relevant to managing risk and improving information security to deliver results in accordance with an organization’s overall policies and objectives.
Do – Implement and operate the security policy, controls, processes, and procedures.

This note was uploaded on 09/09/2011 for the course CIS CIS410 taught by Professor Mr.t during the Spring '11 term at ECPI College of Technology.
