Can someone help me with the following problems please?
1. How can a security framework assist in the design and
implementation of a security infrastructure? What is information
security governance? Who in the organization should plan for
it?
2. What are the issues associated with adopting a formal framework
or model?
3. What benefit can a private, for-profit agency derive from best
practices designed for federal agencies?
4. What are the differences between a policy, a standard, and a
practice? What are the three types of security policies? Where
would each be used? What type of policy would be needed to guide
use of the Web? E-mail? Office equipment for personal use?
Question 1. How can a security framework
assist in the design and implementation of a security
infrastructure?
By creating or validating an existing security blueprint
for the implementation of needed security controls to protect the
information assets. A framework is the outline from which a more
detailed blueprint evolves.
What is information security governance?
Governance is “the set of responsibilities and practices
exercised by the board and executive management with the goal of
providing strategic direction, ensuring that objectives are
achieved, ascertaining that risks are managed appropriately and
verifying that the enterprise’s resources are used
responsibly.”
Who in the organization should plan for it?
The board of directors or trustees, the senior
organizational executive, executive team members, senior managers,
and all employees and users.
Question 2. What are the issues associated with adopting a
formal framework or model?
A framework must be customized to fit the individual
enterprise's needs.
Each environment is unique; therefore, just adopting and not adapting
the model or framework may not be the best solution.
Question 3. What benefit can a private, for-profit agency derive
from best practices designed for federal agencies?
They can adapt many of the same practices into their own
agency. They can help them put together the desired outcome of the
security process.
Question 4. What are the differences between a policy, a standard,
and a practice? What are the three types of security policies?
Where would each be used? What type of policy would be needed to
guide use of the Web? E-mail? Office equipment for personal
use?
A policy is a plan or course of action to convey
instructions from an organization’s senior-most management to those
who make decisions, take actions, and perform other duties. Policies
are put in place to support the mission, vision and strategic
planning. Policy would be used in a top-down management approach.
Additionally, policies are similar to the organization’s
laws.
Differing from policy are standards, more detailed
statements of what must be done to comply with the policy.
Standards may be informal, as in de facto standards, or
formal, as in de jure standards.
Practice is driven by standards and includes
detailed steps required to meet the requirements of
standards.
The three types of security policies are:
EISP (Enterprise Information Security Policies) is
used to support the mission, vision and direction of the
organization and sets the strategic direction, scope and tone for
all security efforts.
ISSP (Issue-Specific Security Policies) is used to
support routine operations and instructs employees on the proper
use of these technologies and processes.
SysSP (System-Specific Security Policies) is used as
a standard when configuring or maintaining systems.
An ISSP policy would be needed to guide the use of the Web, e-mail, and
personal use of office equipment.