Developing IT Security Policy: Management Policies and Plans

10 Questions

What are the key considerations when developing a security plan?

Who generates and controls the information, existing policies, possible enhancements, acceptable risk levels, and the cost of potential risks.

What is the purpose of developing an implementation plan for security?

To outline the action steps for achieving security plan goals and to determine the necessary tools, technologies, policies, and procedures.

What is the role of the Security Organization Team in implementing the security plan?

To educate and train users, keep management aware of security threats, maintain the chosen security tools, and administer access controls, authentication procedures, and authorization policies.

What is the purpose of performing an MIS audit in the context of security?

To examine the firm's overall security environment, review technologies, procedures, documentation, training, and personnel, and assess control weaknesses and their potential impact.

Give an example of an authorization management system and its purpose.

An example can be found at https://www.novell.com/documentation/password_management31/ and its purpose is to determine different levels of access to information for different users.

What are the steps involved in building an IT Security Plan?

Risk Assessment, Develop an IT Security Policy, Security Audit, Create a Security Organization, Implementation Plan

What is the first step in performing a Risk Assessment for a security plan?

Inventory the assets related to information and knowledge

What is the second step in performing a Risk Assessment for a security plan?

Estimate the value of money involved for each asset, and the value of probability of the loss occurring

What does a Security Policy prioritize and identify?

Prioritizes information risks, identifies acceptable risk targets, and identifies the mechanisms for achieving targets

What is the nature of the risks that firms must cover in their corporate IT policy?

The nature of the risks, the information assets to protect, procedures to address the risk, implementation, and auditing mechanism

Learn about the development of management policies related to IT security and the steps involved in building an IT security policy. Understand risk assessment, information asset protection, risk addressing procedures, implementation, and auditing mechanisms.
