Security Policies and Functional Organizations

Questions and Answers

What is the purpose of a security management model?

To determine the financial impact of security policies

To provide detailed instructions on how to implement security policies

To describe what should be done to provide a secure environment for the organization (correct)

To list all the security breaches that may occur in an organization

What are the types of policies described in the text?

Flexible, scalable, and robust policies

Policies for small, medium, and large organizations

Security, financial, and social policies

Vary by the scope of their policies, what they affect, and who they affect (correct)

What does the text suggest about rules in large organizations?

Rules in large organizations are sensible but not arguable

Large organizations do not have any rules for employees

The text does not make any suggestions about rules in large organizations

All rules apply equally to all employees in large organizations (correct)

Why are security policies considered critical for a functional organization?

To provide a secure working environment for the organization

What is the recommended characteristic of a security management model for an organization?

Generic and descriptive but not flexible

What does the text recommend when choosing a security management model?

Pick a model that is generic, scalable, and sufficiently detailed

What is the first step in developing security management policies, standards, and practices?

Choosing a security management model

What is referred to as the 'security blueprint' in the context of security management models?

The customized version of the security model for an organization

What might be the reason for having to use a specific security model selected by upper management?

Model being pre-selected by another part of the organization

What is the main focus of Security Education, Training, and Awareness (SETA) programs?

Educating, training, and increasing awareness about security

What is incident containment in the context of security management?

Containing incidents within a specific area

What should an organization create during the development of their security blueprint?

An outline to follow

What is the purpose of creating a custom version of a security model for an organization?

To adapt the model to the organization's needs

What might be considered as goals rather than guaranteed benefits in SETA programs?

The three main benefits offered by SETA programs

What does the text advise organizations to examine when choosing a security model?

'Security management models' available