2. Where can a security administrator find information on established security frameworks?


Quiz

Quiz 1

How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it?

  • Standard framework for information security that states organizational security policy is needed to provide management direction and support.
  • It is the executive management's responsibility to provide strategic direction,

Quiz 2

Where can a security administrator find information on established security frameworks?

At the security blueprint

Quiz 3

What is the ISO 27000 series of standards? Which individual standards make up the series?

  • One of the most widely referenced security models
  • Standard framework for information security that states organizational security policy is needed to provide management direction and support
  • Purpose is to give recommendations for information security management
  • Provides a starting point for developing organizational security

Quiz 4

What are the issues associated with adopting a formal framework or model?

Each environment is unique; a framework may not be the best solution.

Quiz 5

What documents are available from the NIST Computer Security Resource Center, and how can they support the development of a security framework?

SP-800 series

Quiz 6

What benefit can a private, for-profit agency derive from best practices designed for federal agencies?

Quiz 7

What Web resources can aid an organization in developing best practices as part of a security framework?

Quiz 8

Briefly describe management, operational, and technical controls, and explain when each would be applied as part of a security framework.

  • Management controls: strategic
  • Operational controls: address personnel and physical security
  • Technical controls: tactical and technical implementations related.

Quiz 9

What are the differences between a policy, a standard, and a practice?

  • Policy: general, from high-ups
  • Standard: minimum specification for compliance
  • Practice: how to comply in detail

What are the three types of security policies? Where would each be used? What type of policy would be needed to guide use of the Web? E-mail? Office equipment for personal use?

  • Enterprise info SP: guides the dev, implementation and management of the SP
  • Issue Specific SP: specific area of tech
  • Sys Specific SP: standards for configuring and maintaining systems

Quiz 10

Who is ultimately responsible for managing a technology? Who is responsible for enforcing policy that affects the use of a technology?

  • The Champion
  • policy administrator or manager

Quiz 11

What is contingency planning? How is it different from routine management planning? What are the components of contingency planning?

  • Plan to anticipate, react to, and recover from adverse events and restore BC.
  • Incident response P, disaster recovery P, and business continuity P are components of contingency planning.

Quiz 12

When is the IR plan used?

As soon as an incident in progress has been identified.

Quiz 13

When is the DR plan used?

If an incident escalates or is disastrous. The DR plan focuses on restoring systems at the original site.

Quiz 14

When is the BC plan used?

  • Used concurrently with the disaster recovery plan when the damage is major, creates long-term consequences, or requires more than simple restoration of information and information resources.

Quiz 15

What are the elements of a business impact analysis?

Quiz 16

What are Pipkin’s three categories of incident indicators?

Quiz 17

What is containment, and why is it part of the planning process?

  • Isolating the affected channels, processes, services, or computers, and stopping the losses such as taking down the entire system, servers, and network.

  • Containment of incident’s scope or impact is first priority

Quiz 18

When should law enforcement be involved in an IR or DR action? What are the issues associated with law enforcement involvement?

Quiz 19

What is an after-action review? When is it performed? Why is it done?

Quiz 20

List and describe the six site and data contingency strategies identified in the text.

  • Exclusive options:
    • Hot site: “plug in and use”
    • Warm site: has some equipment but not all
    • Cold site: just the empty site
  • Shared options:
    • Time-share: multiple companies rent the same site
    • Service bureaus: third party providing the backup sites
    • Mutual agreements: companies being backup sites of each other

What is the ISO 27000 series of standards? Which individual standards make up the series?

The ISO/IEC 27001 family of standards, also known as the ISO 27000 series, is a series of best practices for improving an organization's information security policies and procedures, giving it a framework to address risks and capitalise on opportunities as it moves into the future.

Who is ultimately responsible for managing a technology? Who is responsible for enforcing policy that affects the use of a technology?

Policy has the ultimate responsibility for managing technology. System administrators and users are responsible for enforcing policy. Based on NIST Special Publication 800-14, there are three types of information security policies.

What is the ISO 27000 framework?

Also known as the ISO 27000 Family of Standards, ISO/IEC 27000 is a series of information security standards that provide a global framework for information security management practices.

What is information security governance?

IT security governance is the system by which an organization directs and controls IT security (adapted from ISO 38500). IT security governance should not be confused with IT security management.