Terms in this set (17)
What is information security policy? Why is it critical to the success of the information security program?
The Information Security Policy sets out strategies for employees and employer so that each is aware of security expectations.
It is important because it helps employees to understand the direction and needs of the organization.
Of the controls or countermeasures used to control information security risk, which is viewed as the least expensive? What are the primary costs of this type of control?
Security policies are inexpensive but difficult to implement. Therefore, the primary cost is management's time and effort.
List and describe the three challenges in shaping policy.
• An organization's policy should never conflict with the law
• It should stand up in court if challenged
• It should be properly supported and administered
Describe the bull's-eye model. What does it say about policy in the information security program?
In the bull's-eye model, policies are on the outside, because policies deal with every aspect. They are followed by networks, where a breach is more likely. Next are systems, such as desktop computers and servers. In the center are the applications. The bull's-eye model is effective because it starts with policy; having a good policy keeps your networks and systems more secure.
Are policies different from standards? In what way?
Yes, a standard is a more detailed statement of what must be done in order to comply with the policy.
Are policies different from procedures? In what way?
Yes, procedures explain what steps an employee needs to take to comply with the policy, though additional steps that are not in the policy may be included in the procedure.
For a policy to have any effect, what must happen after it is approved by management? What are some ways to accomplish this?
All members/employees of the organization must read, understand and agree to abide by the policy. For policies to be effective they must be distributed and available to read.
Is policy considered static or dynamic? Which factors might determine this status?
A policy should be considered static or dynamic depending on the context of the policy. A policy's rules and standards should be static and maintained; once set in place, they should not be changed or ignored to benefit any individual. However, a policy should also be dynamic so that it changes with the times and does not become out of date and ineffective.
List and describe the three types of information security policy as described by NIST SP 800-14.
The NIST SP 800-14 is an enterprise information security program (EISP). EISP is used to determine the scope, tone and strategic direction for a company, including all security-related topics. This policy should directly reflect the goals and mission of the company.
The ISSP is used to guide employees on the use of specific types of technology (such as email or internet use). This should be carefully designed to uphold the company ethics, while providing the employees with detailed information to ensure they understand the policy and how it is beneficial to the company.
The SYSSP should be designed and created focusing on a specific type of system (such as firewalls). It should provide a guideline for the implementation and standards by which these systems are configured and maintained.
For what purpose is an enterprise information security program policy (EISP) designed?
An Enterprise Information Security Policy is designed to outline security strategies for an organization and assign responsibilities for various information security areas, as well as to guide the development and management requirements of the information security program.
For what purpose is an issue-specific security policy (ISSP) designed?
An Issue-Specific Policy is designed to provide detailed and targeted guidelines and expectations regarding how the technology-based system should be used.
For what purpose is a system-specific security program policy (SysSP) designed?
A System Security Program Policy is designed to specify and detail standards or procedures to be used when maintaining systems.
List and describe four elements that should be present in the EISP.
1. An overview of the corporate philosophy on security.
2. Information on the structure of the information security organization and individuals that fulfill the information security roles.
3. Fully articulated responsibilities for security that are shared by all members of the organization.
4. Fully articulated responsibilities for security that are unique to each role within the organization.
List and describe three purposes that the ISSP serves in the organization.
1. The ISSP explains how the organization expects the technology in question to be used.
2. The ISSP documents how the technology is controlled and identifies the process and who has the authority to provide that control.
3. The ISSP protects the organization against misuse of the technology.
What should be the first component of an ISSP when it is presented? Why? What should be the second major heading, in your opinion? Why?
The ISSP should begin with a Statement of Purpose which outlines its objectives, who is responsible for the policy outlined and what technology it is addressing. For a policy to be effective, it has to have an overall framework before the detailed steps can be outlined.
The second major heading should address who is allowed to have access to the technology. Security levels are based on the level of risk if the information is compromised; therefore, it is critical to determine who needs access to certain information or systems.
List and describe three common ways in which ISSP documents are created and/or managed.
Policies can be created to manage a specific issue, such as network and internet access in the workplace.
Policies can be created with the intent of covering all issues, giving the policy a wider range for implementation and enforcement.
Policies can be written with a modular approach, which gives them both a detailed topic focus to address issues within a responsible department, while also allowing centrally managed procedures and topic coverage.
List and describe the two general groups of materials included in most SysSP documents.
The two types of materials included in the Systems-Specific Policy are:
Management Guidance to guide the implementation and configuration of technology and address the behavior of the users to ensure the security of the information.
Technical Specification whose purpose is to create a managerial policy to translate the managerial intent for the technical control into an enforceable technical approach.