Which type of document is a more detailed statement of what must be done to comply with a policy quizlet?

Terms in this set (17)

What is information security policy? Why is it critical to the success of the information security program?

The Information Security Policy sets out strategies for employees and employer so that each is aware of security expectations.

It is important because it helps employees to understand the direction and needs of the organization.

Of the controls or countermeasures used to control information security risk, which is viewed as the least expensive? What are the primary costs of this type of control?

Security policies are inexpensive but difficult to implement. Therefore, the primary cost is management's time and effort.

List and describe the three challenges in shaping policy.

• An organization's policy should never conflict with the law.
• It should stand up in court if challenged.
• It should be properly supported and administered.

Describe the bull's-eye model. What does it say about policy in the information security program?

In the bull's-eye model, policies are on the outside because policies deal with every aspect. They are followed by networks, where a breach is more likely. Next are systems, such as desktop computers and servers. In the center are the applications. The bull's-eye model is effective because it starts with policy; having a good policy keeps your networks and systems more secure.

Are policies different from standards? In what way?

Yes, a standard is a more detailed statement of what must be done in order to comply with the policy.

Are policies different from procedures? In what way?

Yes, procedures explain what steps an employee needs to take to comply with the policy, though additional steps that are not in the policy may be included in the procedure.

For a policy to have any effect, what must happen after it is approved by management? What are some ways to accomplish this?

All members/employees of the organization must read, understand and agree to abide by the policy. For policies to be effective they must be distributed and available to read.

Is policy considered static or dynamic? Which factors might determine this status?

A policy should be considered static or dynamic depending on the context of the policy. A policy's rules and standards should be static and maintained; once set in place, they should not be changed or ignored to benefit any individual. However, a policy should also be dynamic so that it changes with the times and does not become out of date and ineffective.

List and describe the three types of information security policy as described by NIST SP 800-14.

The NIST SP 800-14 is an enterprise information security program (EISP). EISP is used to determine the scope, tone and strategic direction for a company, including all security-related topics. This policy should directly reflect the goals and mission of the company.

The ISSP is used to guide employees on the use of specific types of technology (such as email or internet use). This should be carefully designed to uphold the company ethics, while providing the employees with detailed information to ensure they understand the policy and how it is beneficial to the company.

The SysSP should be designed and created focusing on a specific type of system (such as firewalls). It should provide a guideline for the implementation and standards by which these systems are configured and maintained.

For what purpose is an enterprise information security program policy (EISP) designed?

An Enterprise Information Security Policy is designed to outline security strategies for an organization and assign responsibilities for various information security areas, as well as to guide the development and management requirements of the information security program.

For what purpose is an issue-specific security policy (ISSP) designed?

An Issue-Specific Policy is designed to provide detailed and targeted guidelines and expectations regarding how the technology-based system should be used.

For what purpose is a system-specific security program policy (SysSP) designed?

A System Security Program Policy is designed to specify and detail standards or procedures to be used when maintaining systems.

List and describe four elements that should be present in the EISP.

1. An overview of the corporate philosophy on security.
2. Information on the structure of the information security organization and individuals that fulfill the information security roles.
3. Fully articulated responsibilities for security that are shared by all members of the organization.
4. Fully articulated responsibilities for security that are unique to each role within the organization.

List and describe three purposes that the ISSP serves in the organization.

1. The ISSP explains how the organization expects the technology in question to be used.
2. The ISSP documents how the technology is controlled and identifies the process and who has the authority to provide that control.
3. The ISSP protects the organization against misuse of the technology.

What should be the first component of an ISSP when it is presented? Why? What should be the second major heading, in your opinion? Why?

The ISSP should begin with a Statement of Purpose which outlines its objectives, who is responsible for the policy outlined and what technology it is addressing. For a policy to be effective, it has to have an overall framework before the detailed steps can be outlined.

The second major heading should address who is allowed to have access to the technology. Security levels are based on the level of risk if the information is compromised; therefore, it is critical as to who needs access to certain information or systems.

List and describe three common ways in which ISSP documents are created and/or managed.

Policies can be created to manage a specific issue, such as network and internet access in the workplace.

Policies can be created with the intent of covering all issues, giving the policy a wider range for implementation and enforcement.

Policies can be written with a modular approach, which gives them both a detailed topic focus to address issues within a responsible department, while also allowing centrally managed procedures and topic coverage.

List and describe the two general groups of materials included in most SysSP documents.

The two types of materials included in the Systems-Specific Policy are:

Management Guidance to guide the implementation and configuration of technology and address the behavior of the users to ensure the security of the information.

Technical Specification whose purpose is to create a managerial policy to translate the managerial intent for the technical control into an enforceable technical approach.

Which type of document is a more detailed statement of what must be done?

What is a Policy? A policy is an executive-level document that defines that something must be done. They are a statement of management intent. Policies are the law at your organization.

Which of the following is a document that outlines specific requirements or rules that must be met quizlet?

A policy is a document that outlines specific requirements or rules that must be met.

Which of the following that describes the written statement of organization purpose?

A mission statement is a concise explanation of the organization's reason for existence. It describes the organization's purpose and its overall intention.