Briefly describe management, operational, and technical controls, and explain when each would be applied as part of a security framework.
ANSWER:
GIVEN THAT:
BRIEF DESCRIPTION OF THE MANAGEMENT CONTROLS, OPERATIONAL CONTROLS AND TECHNICAL CONTROLS:
A. MANAGEMENT CONTROL:
B. OPERATIONAL CONTROL:
C. TECHNICAL CONTROL:
A. MANAGEMENT CONTROL:
1. Management controls set the direction and scope of the security process and provide detailed instructions for its conduct, as well as addressing the design and implementation of the security planning process and security program management.
2. They also address risk management and security control reviews, describe the necessity and scope of legal compliance, and set guidelines for the maintenance of the entire security life cycle.
3. Managerial controls are security processes that are designed by strategic planners and implemented by the security administrators for an organization.
4. Management controls set the scope and direction of security processes and provide detailed instructions for their conduct.
5. They also address the design and implementation of planning processes and security program management.
B. OPERATIONAL CONTROL:
1. Operational controls are management and lower-level planning functions that deal with the education and operation of security in the organization, such as disaster recovery, incident response planning, personnel, physical security, and the protection of hardware and software systems maintenance and the integrity of data.
2. Operational controls are management and lower-level planning functions that deal with the operational functionality of security in an organization, such as disaster recovery and incident response planning.
3. They cover personnel and physical security, as well as protection of inputs and outputs.
4. Operational controls guide the development of education and training for personnel security, hardware and software maintenance, and data integrity.
C. TECHNICAL CONTROL:
1. Technical controls are the tactical and technical implementations of security in the organization.
2. They include logical access controls, such as identification, authentication, authorization, accountability (including audit trails), cryptography, and the classification of assets and users.
3. Technical controls are the tactical and technical implementation of security in an organization. These are the actual controls and equipment put in place to implement security.
4. They include logical access controls, such as identification, authentication, authorization, accountability, cryptology and classification of assets and users.