1. When an organization undertakes an information security-driven review of job descriptions,
which job descriptions must be reviewed? Which IT jobs not directly associated with
information security should be reviewed?
When an organization unde
1. What is the difference between criminal law and civil law?
Civil law embodies a wide variety of laws pertaining to relationships between and among
individuals and organizations. Criminal law addresses violations harmful to society and is
1. What is the difference between authentication and authorization? Can a system permit
authorization without authentication? Why or why not?
Authentication is confirming the identity of the entity accessing a logical or physical area