Who decides if the information security program can adapt to change adequately?


Module 12 Review Questions:

2. Who decides if the information security program can adapt to change adequately?


4. What are the three primary aspects of information security risk management? Why is each important?


6. What changes need to be made to the model in SP 800-100 to adapt it for use in security management maintenance?


8. What is vulnerability assessment?


Chapter 12, Principles of Information Security, Sixth Edition

Chapter 12 Answers to Review Questions and Exercises

Review Questions

1. List and define the factors that are likely to shift in an organization’s information security environment.

2. Who decides if the information security program can adapt to change adequately?

3. List and briefly describe the five domains of the general security maintenance model, as identified in the text.

4. What are the three primary aspects of information security risk management? Why is each important?

In addition to assessing whether the information security program can adapt to change in an adequate manner and maintain the baseline profile of information security, the CISO also determines whether fundamental changes need to be made.

Who decides if the information security program can adapt to change adequately?

In order to make an information security program adaptive to changing requirements, CISOs make a decision about whether the SecSDLC process needs to be started from scratch.

Which of the following best describes a set of security tests and evaluations that simulate attacks by a hacker or other malicious external source?

It consists of a set of security tests and evaluations that determine whether your system and data are vulnerable to hackers or other malicious external sources.

What is the primary goal of the vulnerability assessment and remediation?

Security weaknesses in IT infrastructure are identified, quantified, and analyzed through vulnerability assessment, also referred to as vulnerability analysis. In most cases, the priority of the VA is to find security and operational flaws that threaten an organization.

What is the primary objective of the readiness and review domain of the maintenance model?

In the readiness and review domain, the primary goal is to make sure that data security programs continue to function and improve as designed.

Which component of the maintenance model focuses on evaluating external threats to the organization's information assets?

Those tasks within the maintenance model focused on assessing external threats to an organization's information assets are termed external monitoring.

What is the primary focus of a vulnerability assessment?

A vulnerability assessment is intended to provide an overview of a network's security risks, and then to act on the insights from this overview to achieve security. An organization's network can be secured at a baseline by performing routine assessments and resolving all security risks.

What are the three main aspects of information security risk management?

The CIA triad is composed of confidentiality, integrity, and availability, which together comprise an information security model.

What is information security maintenance?

A security system's maintenance involves periodic testing of all the components, such as cameras, detectors, computers, circuits, and lighting systems, to ensure that they are working properly. A corrective maintenance program is then used to correct or repair malfunctioning systems.

What is the primary goal of the vulnerability assessment and remediation domain of the maintenance model?

The vulnerability assessment and remediation domain of the maintenance model is intended to help identify vulnerabilities and eliminate them. A primary objective is identifying specific, documented vulnerabilities and remediating them as soon as possible.

Which of the following tools can be used to view and modify DNS server information in Linux?

A tool or service that identifies DNS queries is called nslookup. It provides IP address conversion for domains and hosts. There are two ways of using nslookup: interactively or non-interactively.

Which of the following is a key advantage of the bottom up approach?

With bottom-up planning, team members (i.e., project participants) are involved in planning and decision making, and their ideas are considered directly. By doing so, teams will be able to communicate more effectively, build great teams, and empower each other.

What is the primary goal of the vulnerability assessment?

The primary goal of conducting a vulnerability assessment is to identify, catalogue, and prioritize the vulnerabilities present within an environment. A remediation plan is developed to reduce the risk level of the identified issues.

What is the purpose of vulnerability assessment?

An information system vulnerability assessment evaluates the security flaws of the system as a whole. During this process, it assesses whether the system is susceptible to known vulnerabilities, classifies those vulnerabilities by severity, and determines remediation or mitigation measures to take if necessary.

What is the importance of vulnerability assessment and risk remediation?

Performing a vulnerability assessment helps to reduce the chances of an attacker being able to compromise an organization's IT systems. This process can identify the assets and their vulnerabilities, as well as help an organization determine the total risk.

What are three primary aspects of information security risk management?

A governance model for information security. A lifecycle for the development of systems. We must be aware and trained. The planning and control of capital investments. A system that is interconnected. These are measures of performance. The security planning process. Plan for contingencies in information technology.

What is the objective of the planning and risk assessment domain of the maintenance model and why is this important?

Planning and risk assessment are primary objectives of the planning and risk assessment domain, according to our text. Part of this process consists of determining and monitoring ongoing information security activities.


Who is generally involved in a vulnerability assessment?

It's typically a joint effort by security staff and development and operations teams, who determine the most effective path for remediation or mitigation of each vulnerability. Specific remediation steps might include the introduction of new security procedures, measures or tools.

What are the five domains of the general information security maintenance model as identified in the text?

The five domains of the security maintenance model are external monitoring, planning and risk assessment, internal monitoring, readiness and review, and vulnerability assessment and remediation.

What other components of security management can be adapted for use in the security management model?

A component that could be adapted for use in the security management model is a firewall that serves dual roles: keeping external intrusion from reaching an organization's internal data, and preventing internal users from accessing that same data.

Why is maintenance of the information security program needed on an ongoing basis?

It requires ongoing maintenance and continual improvement, which ensures that policies and procedures are kept up to date, resulting in better protection for your sensitive information.