Jean Maurice Rakotoarimanana
Review Questions, Chapter 5

1. How can a security framework assist in the design and implementation of a security infrastructure?
A security framework provides an outline of the steps an organization needs to take in order to implement security effectively; it gives the security blueprint a structure to build against rather than leaving the organization to design its controls from scratch.

2. Where can a security administrator find information on established security frameworks?
A security administrator can find this information in the security blueprints that organizations either adopt outright or adapt to their own needs. The most widely referenced and discussed of these models is ISO/IEC 17799, "Information Technology – Code of Practice for Information Security Management" (renumbered ISO/IEC 27002 in 2007). It covers, among other things, the design of the security program, security policies, and education and training programs, all of which a security administrator can draw on.

3. What is the ISO 27000 series of standards? What individual standards make up the series?
The ISO 27000 series is the block of standard numbers that ISO has reserved for information security matters. Since October 2005, six of these standards have been published or announced:
• ISO 27001: a model for creating and certifying an information security management system (ISMS).
• ISO 27002: a code of practice for information security management (the renumbered ISO 17799).
• ISO 27003: implementation guidance for an ISMS, built around the PDCA (plan-do-check-act) cycle. It was only proposed when the textbook was written; it was published in 2010.
• ISO 27004: guidance on measuring the effectiveness of an ISMS and its controls, in alignment with ISO 27002.
• ISO 27005: information security risk management. It was forthcoming when the textbook was written; it was published in 2008.
• ISO 27006: requirements for the accreditation of the bodies that audit, certify and register ISMSs.

4. What are the inherent problems with ISO 17799, and why hasn't the U.S. adopted it? What are the recommended alternatives?
- The global information security community has not defined any justification for a code of practice such as the one identified in ISO 17799.
- ISO 17799 lacked "the necessary measurement precision of a technical standard".
- There is no reason to believe that ISO 17799 was more useful than any other approach.
- ISO 17799 was not as complete as other frameworks.
- ISO 17799 was hurriedly prepared, given the tremendous impact its adoption could have on industry information security controls....
This note was uploaded on 03/15/2012 for the course CIS CIS120 taught by Professor Zales during the Spring '12 term at Harrisburg Area Community College.