1. What is planning? How does an organization determine if planning is necessary?
a. Planning is the dominant means of managing resources in organizations. It
entails a sequence of actions to achieve specific goals in a specific amount of
time, and in con
Page 31 Review Questions
1. List and describe the three communities of interest that engage in an organizations
efforts to solve InfoSec problems. Give two or three examples of who might be in each
a. Information Secu
Chapter 4 Questions
1. What is information security policy? Why is it critical to the success of the InfoSec
a. A security policy is a generic document that outlines rules for computer network
access, determines how oth
ITIA 1400 Chapter 5 Questions
Wednesday Night 6pm
1. What is an InfoSec Program?
a. An information security program is the structure and organization of the effort that
contains risks to the information assets of the organization.
1. What is an InfoSec framework?
a. InfoSec framework is the outline of the more thorough blueprint.
2. What is an InfoSec blueprint?
a. Infosec blueprint sets the model to be followed in the creation of the design,
selection, and the initial and ongoing
Exercise # 1
Search the Web for the term security best practices. Compare your findings to the
recommended practices outlined in the NIST documents.
Security Best Practices, from what I have located on the web, seem to be tailored
Chapter 7 Review Questions
1. What is benchmarking?
a. Benchmarking is used to generate a security blueprint by using already
established security models and practices. Benchmarking is defined as following
the existing practices of similar organizations o
Week 3 Questions
1. What is the name for the broad process of planning for the unexpected? What are its
a. Contingency Planning (CP)
b. The four primary components of the Contingency Plan is Business Impact