chapter 3 review questions

School

Pennsylvania State University

Course

456

Subject

Information Systems

Date

Dec 6, 2023

Uploaded by ChiefCat7534

What is planning? How does an organization determine if planning is necessary?
Planning means making a roadmap for what an organization wants to achieve and how to get there. An organization decides to plan when it wants to set new goals, adapt to changes, use resources wisely, or avoid problems.

What are the three common levels of planning?
There are three planning levels: big-picture planning (strategic), middle-level planning (tactical), and everyday planning (operational).

Who are stakeholders? Why is it important to consider their views when planning?
Stakeholders are people or groups interested in what an organization does. Their input matters because they have different needs, and listening to them helps make better decisions.

What is a values statement, vision statement, and mission statement? Why are they important? What do they contain?
Values: These are the organization's core beliefs and ethics.
Vision: It's the organization's inspiring future goal.
Mission: It explains why the organization exists and what it does.
They are important because they guide actions, inspire people, and tell others about the organization's purpose.

What is strategy?
Strategy means having a plan to reach specific goals and compete effectively.

What is InfoSec governance?
InfoSec governance is how organizations manage and protect their information securely. It's like rules and processes to keep data safe.

What should a board of directors recommend as an organization’s InfoSec objectives?
They should suggest goals like protecting data, following laws, reducing risks, and making sure everyone knows how to keep information safe.

What are the five basic outcomes of InfoSec governance?
InfoSec governance aims for data to be private (confidential), accurate (integrity), available when needed, trustworthy (authenticity), and actions can't be denied (non-repudiation).

Describe top-down vs. bottom-up strategic planning. Which is better for security in a big, diverse organization?
Top-down: Bosses make plans, and others follow.
Bottom-up: Ideas come from all levels.
For security in a big, diverse organization, a mix is often best. Top-down keeps everyone on the same page, but bottom-up brings fresh ideas.

What is security convergence and why does it matter?
Security convergence means combining physical and digital security efforts. It's important because it improves overall safety, saves money, and gives a complete view of risks.

What is joint application design?
Joint Application Design (JAD) is when people from different groups work together to plan and design software, making sure it meets everyone's needs.

What is a systems development life cycle methodology?
It's a step-by-step way to create and manage software or systems from start to finish.

How does the SecSDLC differ from the regular SDLC?
SecSDLC is like the regular SDLC, but with extra focus on security at every stage to make sure software or systems are safe from cyber threats.