Chapter 1 – Introduction to the Management of Information Security
Review Questions
1. A globally interconnected commercial world has emerged from the technical advances that created the Internet. Has its creation increased or decreased the need for organizations to maintain secure operation of their systems? Why?
Answer: As Internet use continues to rise, the number of “malicious entities” is also rising. As “malicious entities” grow and become more numerous, the probability that an organization could receive a threat increases.
2. Which trend in IT has eliminated the “we have technology people to handle technology problems” approach as a method for securing systems?
Answer: NSTISSC Security Model
The everyday definition focuses on freedom of observation. The significant point is that what the user creates, their data, is private to them unless specified otherwise. Also, privacy and security are redundant terms, because a lack of privacy is a necessary policy to increase information security.
11. Define the InfoSec processes of identification, authentication, authorization, and accountability.
Answer: Identification - Information systems possess the characteristic of identification when they are able to recognize individual users, which is essential to establishing the level of access or authorization that an individual is granted
Authentication - occurs when a control provides proof that a user possesses the identity that he or she claims
Authorization - provides assurance that the user (whether a person or a computer) has been specifically and explicitly authorized by the proper authority to access, update, or delete the contents of an information asset
12. What is management and what is a manager? What roles do managers play as they execute their responsibilities?
Answer: Management – “a process of achieving objectives using a given set of resources”; Manager – “member of the organization assigned to marshal and administer resources, coordinate the completion of tasks, and handle the many roles necessary to complete the desired objectives.” Managers play informational roles,