Mike J Nagle, Aug 22, 2010, 5:30:55 AM, to SEC-0130 Summer 2010

I'm sorry I did not post this two weeks ago, but here it is now.

7. What information attribute is often of great value for local networks that use static addressing? In networks that use static addressing, the IP address is very useful.

8. Which is more important to the system components classification scheme? "It is also important that the categories be both comprehensive and

Elma Hartunian, Sep 4, 2010, 12:13:50 PM

Nice work Mike. Here is my response to #8: It is more important that the list be comprehensive than mutually exclusive. It would be far better to have a component assessed in an incorrect category rather than to have it go completely unrecognized during a risk assessment.

Honey Lance Morales, Jul 16, 2021, 11:07:37 AM, to SEC-0130 Summer 2010

Wow, this was posted in 2010. So during that time, there was no Google Classroom and people used Google Groups instead.

Principles of Information Security, 4th Edition, Chapter 4 Review Questions

1. What is risk management? Why is identification of risks, by listing assets and their vulnerabilities, so important to the risk management process?

Risk management is the process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all the components in the organization's information system. To protect assets, which are defined here as information and the systems that use, store, and transmit information, you must understand what they are, how they add value to the organization, and to which vulnerabilities they are susceptible. Once you know what you have, you can identify what you are already doing to protect it. Just because you have a control in place to protect an asset does not necessarily mean that the asset is protected. Frequently, organizations implement control mechanisms, but then neglect the necessary periodic review, revision, and maintenance. The policies, education and training programs, and technologies that protect information must be carefully maintained and administered to ensure that they are still effective.

2. According to Sun Tzu, what two key understandings must you achieve to be successful?
Chinese General Sun Tzu Wu observed, "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." In short, know yourself and know the enemy.

3. Who is responsible for risk management in an organization? Which community of interest usually takes the lead in information security risk management?

In an organization, it is the responsibility of each community of interest to manage the risks that the organization encounters. Each community of interest has a role to play. Since the members of the information security community best understand the threats and attacks that introduce risk into the organization, they often take a leadership role in addressing risk.

4. In risk management strategies, why must periodic review be a part of the process?

Frequently, organizations implement control mechanisms, but then neglect the necessary periodic review, revision, and maintenance. The policies, education and training programs, and technologies that protect information must be carefully maintained and administered to ensure that they are still effective.

5. Why do networking components need more examination from an information security perspective than from a systems development perspective?

Q: Which is more important to the information asset classification scheme: that it be comprehensive or that it be mutually exclusive?
A: A comprehensive information asset classification scheme is more desirable because it implies that all assets will be included, even if they appear in more than one location.
Q: According to Sun Tzu, what two key understandings must you achieve to be successful in battle?
A: 1) If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.

Q: What information attribute is often of great value for local networks that use static addressing?
A: For local networks that use static addressing, the IP address is the information attribute of value.

Q: What are the five risk control strategies presented in this chapter?
A: The five risk control strategies presented in this text are defense, transference, mitigation, acceptance, and termination.