Question
1. What is information security policy? Why is it critical to the success of the InfoSec program?
2. Of the controls or countermeasures used to control InfoSec risk, which is viewed as the least expensive? What are the primary costs of this type of control?
3. List and describe the three challenges in shaping policy.
4. List and describe the three guidelines for sound policy, as stated by Bergeron and Bérubé.
5. Describe the bull’s-eye model. What does it say about policy in the InfoSec program?
6. In what way are policies different from standards?
7. In what way are policies different from procedures?
8. For a policy to have any effect, what must happen after it is approved by management? What are some ways to accomplish this?
9. Is policy considered static or dynamic? Which factors might determine this status?
10. List and describe the three types of InfoSec policy as described by NIST SP 800-14.
11. What is the purpose of an EISP?
12. What is the purpose of an ISSP?
13. What is the purpose of a SysSP?
14. To what degree should the organization’s values, mission, and objectives be integrated into the policy documents?
15. List and describe four elements that should be present in the EISP.
16. List and describe three functions that the ISSP serves in the organization.
17. What should be the first component of an ISSP when it is presented? Why? What should be the second major component? Why?
18. List and describe three common ways in which ISSP documents are created and/or managed.
19. List and describe the two general groups of material included in most SysSP documents.
20. List and describe the three approaches to policy development presented in this chapter. In your opinion, which is best suited for use by a smaller organization and why? If the target organization were very much larger, which approach would be more suitable and why?