Assignment07 - Management of Information Security, 2nd ed....

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
Management of Information Security, 2 nd ed. _____________________________________________________________________________ _ John Moura Chapter 7: Risk Management: Identifying and Assessing Risk Review Questions 1. What is risk management? The process of identifying vulnerabilities in an organization’s information system and taking steps to assure that losses experienced by the systems are within the acceptable loss limits of the organization. 2. List and describe the key areas of concern for risk management. Identification, Classification, and prioritization of the organization’s information assets People, Procedures, Data Assets 3. Why is identification of risks, through a listing of assets and their vulnerabilities, so important to the risk management process? It identifies areas of residual risk that may or may not need to be reduced. This mechanism improves the general state of security within an organization. 4. According to Sun Tzu, what two things must be achieved to successfully secure information assets? Know thy self, Know thy enemy 5. Who is responsible for risk management in an organization InfoSec, IT, Management 6. Which community of interest usually takes the lead in information asset risk management? General Management
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This homework help was uploaded on 04/06/2008 for the course 547 471 taught by Professor Binde during the Spring '07 term at Rutgers.

Page1 / 3

Assignment07 - Management of Information Security, 2nd ed....

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online