A policy is a plan or course of action intended to influence and determine decisions, actions, and other matters. Policies function like laws within an organization because they dictate acceptable and unacceptable behavior within the context of the organization's culture. A standard has the same requirement for compliance as a policy, but a standard provides more detail for what must be done to comply with policy. The level of acceptance for standards may be informal (as for de facto standards) or formal (as for de jure standards). Practices, procedures, and guidelines effectively explain how to comply with policy.
Policy - Written instructions that describe proper behavior.
A hot site is a fully configured computer facility with all services, communications links, and physical plant operations, including heating and air conditioning. Hot sites duplicate computing resources, peripherals, phone systems, applications, and workstations. A hot site is the pinnacle of contingency planning; it is a duplicate facility that needs only the latest data backups and personnel to become a fully operational twin of the original. A hot site can be operational in a matter of minutes, and in some cases it may be built to perform a fail-over seamlessly by picking up the processing load from a failing site. The hot site is therefore the most expensive alternative available.
Risk management is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all the components in those systems.
Stateful inspection firewalls, also called stateful firewalls, keep track of each network connection between internal and external systems using a state table. A state table tracks the state and context of each packet in the conversation by recording which station sent what packet and when. Like first-generation firewalls, stateful inspection firewalls perform packet filtering, but they take it a step further. Whereas simple packet-filtering firewalls only allow or deny certain packets based on their address, a stateful firewall can block incoming packets that are not responses to internal requests. If the stateful firewall receives an incoming packet that it cannot match in its state table, it defaults to its ACL to determine whether to allow the packet to pass. The primary disadvantage of this type of firewall is the additional processing required to manage and verify packets against the state table, which can leave the system vulnerable to a DoS or DDoS attack.
What type of policy would be needed to guide use of the Web e mail? An issue-specific security policy would be needed to guide use of the web, e-mail, and office equipment for personal use.
11. What is contingency planning? How is it different from routine management planning?
What is an EISP and what purpose does it serve? The purpose of the Employee Incentive Scholarship Program (EISP) is to establish an incentive program for Veterans Health Administration (VHA) employees, in order to assist VHA in meeting its staffing needs for health professional occupations in which recruitment or retention of qualified personnel is difficult.
What is contingency planning? How is contingency planning different from routine management planning? Contingency planning means putting preparations in place in advance to reduce the effects of damages or risks; it is more of a plan B. In a business setting, contingency planning may help in maintaining business relationships and preventing data loss and other uncertainties of the future, while routine management planning is a plan ...
Where can a security administrator find information on established security frameworks? A security administrator can find information on an established security framework by looking at the security blueprint that is either adopted or adapted by organizations. The name of the model is the Information Technology-Code of Practice for Information Security Management.