Management Of Information Security
6th Edition
ISBN: 9781337405713
Author: WHITMAN, Michael.
Publisher: Cengage Learning,
expand_more
expand_more
format_list_bulleted
Question
Chapter 9, Problem 1RQ
Program Plan Intro
Information security is the protection of information in the organization; it helps to manage data access, web-browsing behaviors, passwords usage and encryption, email attachments, and so on.
- It is designed to provide structure in the workplace, create a productive and effective work place.
- It is free from unnecessary distractions.
Expert Solution & Answer
Explanation of Solution
Review of job descriptions:
If an organization undertakes an InfoSec-driven review of job description, all employee’s job description and subsequent performance are reviewed to make the whole organization proceeds InfoSec further serious.
- The employee job descriptions are recruiting, hiring, firing, managing and releasing human resources.
IT jobs not directly associated:
IT jobs which is not directly associated with InfoSec should be reviewed are auditing, HR(Human Resources), and purchasing jobs.
Want to see more full solutions like this?
Subscribe now to access step-by-step solutions to millions of textbook problems written by subject matter experts!
Students have asked these similar questions
What are the tactics and goals of an information security incident plan designed to protect against an increase in theft and security incidents?
CISOs are tasked with creating a strategy for a company's information security
program. What are the most significant aspects of a security program in your
opinion?
The information security plan of an organization serves as a project strategy, but how is this accomplished?
Chapter 9 Solutions
Management Of Information Security
Ch. 9 - Prob. 1RQCh. 9 - Prob. 2RQCh. 9 - Prob. 3RQCh. 9 - Prob. 4RQCh. 9 - Prob. 5RQCh. 9 - Prob. 6RQCh. 9 - Prob. 7RQCh. 9 - Prob. 8RQCh. 9 - Prob. 9RQCh. 9 - Prob. 10RQ
Ch. 9 - Prob. 11RQCh. 9 - What is a performance target, and how is it used...Ch. 9 - List and describe the fields found in a properly...Ch. 9 - Prob. 14RQCh. 9 - Prob. 15RQCh. 9 - Prob. 16RQCh. 9 - Prob. 17RQCh. 9 - Prob. 18RQCh. 9 - Prob. 19RQCh. 9 - Prob. 20RQCh. 9 - Prob. 1ECh. 9 - Prob. 3ECh. 9 - Prob. 4ECh. 9 - Prob. 1DQCh. 9 - Prob. 2DQCh. 9 - Prob. 1EDMCh. 9 - Prob. 2EDMCh. 9 - Prob. 3EDM
Knowledge Booster
Similar questions
- A project plan is a company's information security blueprint, but how does this occur?arrow_forwardAny organization or business that has had to deal witha cyber breach understands the stress that accompanies the process, no matter how well prepared or rehearsed it is for cyber events. All breaches come with a unique set of challenges and requirements. An incident response team often referred to as an IRT, is a team of individuals who are available, are ready, and have the expertise to investigate a data breach. IRT must understand the full scope of the breach to contain it, which typically includes understanding the entire life cycle of the attack. Forensic specialists can provide valuable information to the rest of the IRT team by examining logs, traffic, and systems to gain insight on the full scope of a breach. Discuss what the forensics investigators need to identify to understand how to scope the data breach incident.arrow_forwardInformation security program development and implementation is not a simple process, but it is an absolutely essential and on-going process; particularly if your organization is responsible for maintaining the integrity, availability, and confidentiality of customer information or business-critical data. Explain TWO approaches with the help of a valid diagram to Information Security Implementation in any organization.arrow_forward
- PurposeThis course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.Learning Objectives and OutcomesSuccessful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:Evaluate compliance laws relevant to the U.S. Department of Defense.Assess policy frameworks appropriate for an organization in a given scenario.Evaluate security controls and standards for the seven domains of a typical IT infrastructure.Develop DoD-compliant policies for an organization’s IT infrastructure.Required Source Information and ToolsWeb References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on January 4, 2022. The following tools and resources will be needed to complete this…arrow_forwardPurposeThis course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.Learning Objectives and OutcomesSuccessful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:Evaluate compliance laws relevant to the U.S. Department of Defense.Assess policy frameworks appropriate for an organization in a given scenario.Evaluate security controls and standards for the seven domains of a typical IT infrastructure.Develop DoD-compliant policies for an organization’s IT infrastructure.Required Source Information and ToolsWeb References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on January 4, 2022. The following tools and resources will be needed to complete this…arrow_forwardThe sole purpose of information security is securing the IT infrastructure and resources of an organization. Additionally, it supports the mission and the strategy of the business. When the management analyzes the security cycle, it needs to determine the acceptable and unacceptable security policies to ensure the effectiveness of the security controls. What do you think are the ways in which this can ensure the successful completion of a project?arrow_forward
- When and how does a company develop its information security blueprint, which serves as the project's strategy?arrow_forwardThe MOST important reason for an information security manager to be involved in the change management process is to ensure that: A. security controls drive technology changes. B. potential vulnerabilities are identified. C. security controls are updated regularly. D. risks have been evaluated.arrow_forwardIn the context of organizational structure, the determination of the appropriate placement of the information security function is a decision that should be made by relevant stakeholders within the organization. Why?arrow_forward
arrow_back_ios
arrow_forward_ios
Recommended textbooks for you
Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,
Principles of Information Systems (MindTap Course...Computer ScienceISBN:9781285867168Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
Principles of Information Systems (MindTap Course...Computer ScienceISBN:9781305971776Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Fundamentals of Information SystemsComputer ScienceISBN:9781305082168Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Fundamentals of Information SystemsComputer ScienceISBN:9781337097536Author:Ralph Stair, George ReynoldsPublisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Fundamentals of Information Systems
Computer Science
ISBN:9781305082168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Fundamentals of Information Systems
Computer Science
ISBN:9781337097536
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning