Preview

ISM3321 M4A1

Good Essays
Open Document
Open Document
916 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
ISM3321 M4A1
1. How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it?

A security framework can essentially provide an outline of the steps needed to be taken in order to effectively implement security with an organization. Governance is a set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction.It is the executive management's responsibility to provide strategic direction, ensure the accomplishment of objectives, oversee threat risks are appropriately managed.
2. Where can a security administrator find information on established security frameworks?

A security administrator can go find information on an established security framework by looking at the security blueprint that is either adopted or adapted to by organizations.

3. What is the ISO 27000 series of standards? Which individual standards make up the series?

The ISO 27000 series is the most widely referenced security models in the information technology-code of practice for information security management. ISO 27001: for creating information security management systems (ISMS).

4. What are the inherent problems with ISO 17799, and why hasn't the United States adopted it? What are the recommended alternatives?

The global information security community has not defined any justification for a code of practice as was identified in the ISO 17799. ISO 17799 lacked the necessary measurement precision of a technical standard. There is no reason to believe that ISO 17799 was more useful than any other approach. The ISO 17799 was not as complete as other framework.

5. What documents are available from the NIST Computer Resource Center, and how can they support the development of a security framework?

Other approaches are described in the many documents available from the Computer Security Resource Center of the

You May Also Find These Documents Helpful

  • Better Essays

    Swanson, M. (2006, February). Guide for Developing Security Plans for Federal Information Systems. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf…

    • 4134 Words
    • 12 Pages
    Better Essays
  • Powerful Essays

    IS3110 U5L1

    • 912 Words
    • 4 Pages

    One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you now must then find the threats and vulnerabilities found on these workstations and servers. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.…

    • 912 Words
    • 4 Pages
    Powerful Essays
  • Good Essays

    This report gives a brief description the general security solutions planned for the safety of data and information that belongs to the organization. The outline will provide elements of a multi-layered security plan, and will indicate a general security solution for each of the seven domains of a typical IT infrastructure. Also I will describe a layer of security for each of the seven domains.…

    • 801 Words
    • 4 Pages
    Good Essays
  • Powerful Essays

    IS3550 Final Project

    • 4998 Words
    • 19 Pages

    The purpose of this paper is to develop an information security policy that defines the requirements to make our organization's computer network compliant with National Institute of Standards and Technology (NIST) Security Standards. NIST regulations and instructions were reviewed in order to develop the requirements that are stated in this policy. The source documents used can be found in the references section.…

    • 4998 Words
    • 19 Pages
    Powerful Essays
  • Powerful Essays

    INF 325 Week 1: A Case Study

    • 2472 Words
    • 10 Pages

    Olzak, T. & Bunter, B. (2010, May 07). Security basics - components of security policies. Bright…

    • 2472 Words
    • 10 Pages
    Powerful Essays
  • Better Essays

    Cmgt400 Week3

    • 1493 Words
    • 6 Pages

    References: 1. (2010). Principles of Computer Security: CompTIA Security+ and Beyond (2nd ed.). : McGraw-Hill.…

    • 1493 Words
    • 6 Pages
    Better Essays
  • Satisfactory Essays

    NT2580

    • 1232 Words
    • 14 Pages

    ISS Information Systems Information NT2580 Introduction to Information Security © ITT Educational Services, Inc. All rights reserved. Page 5…

    • 1232 Words
    • 14 Pages
    Satisfactory Essays
  • Powerful Essays

    Cyber-security demands are ever increasing in the field of Information Technology with the globalization of the internet. Disruptions due to cyber-attacks are affecting the economy, costing companies billions of dollars each year in lost revenue. To counter this problem corporations are spending more and more on infrastructure and investing to secure the cyber security vulnerabilities which range anywhere from software to hardware to networks and people that use them. Due to the complexity of information systems that interact with each other and their counter parts, the requirement to meet specific cyber security compliances have become a challenging issues for security professionals worldwide. To help with these issues, security professionals have created different standards and frameworks over the years for addressing this growing concern of vulnerabilities within enterprise systems and the critical information they hold (“Critical Security Controls,” n.d.).…

    • 3199 Words
    • 8 Pages
    Powerful Essays
  • Better Essays

    Cmgt 400 Week 2

    • 1100 Words
    • 3 Pages

    Conklin, A., White, G., Williams, D., Davis, R., & Cothren, C. (2012). Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-301) (3rd ed.). New York, NY: McGraw-Hill Company.…

    • 1100 Words
    • 3 Pages
    Better Essays
  • Better Essays

    Which of the following standards gives detailed descriptions of IT practices and comprehensive checklists, tasks, and procedures that can be tailed by IT organizations to fit their needs?…

    • 778 Words
    • 4 Pages
    Better Essays
  • Powerful Essays

    Final: Security and Network

    • 3275 Words
    • 11 Pages

    This examination is worth 20 percent of your total grade. There are five questions, and the maximum point values are included with each question.…

    • 3275 Words
    • 11 Pages
    Powerful Essays
  • Good Essays

    Information Security Governance can be defined specifically as the methods and processes that an organization or business will utilize as a means of controlling their IT Security Management program. There is an important distinction which needs to be made however as governance should be considered as separate from IT Security Management as a discipline that is based around the need to identify and control risks.…

    • 1212 Words
    • 5 Pages
    Good Essays
  • Satisfactory Essays

    Discussion 1

    • 396 Words
    • 2 Pages

    A security policy defines limitations on individual behavior or system performance and details activities that are permitted, controlled or prohibited within the company. In order for policies to be effectual, senior management must endorse them, they must be communicated to all employees, undergo recurring reviews, and be assessed for usefulness. A security program encompasses all of the required pieces necessary to successfully protect a business. It should include policies, requirements, standards and procedures. Security plans should be operative at all levels of a corporation to be effective. Management should communicate a formal explanation of what is acceptable by all employees. Management should also clearly dictate what the consequences of noncompliance are. Organizations can use the ISO-27002:2005 as an outline to create a security policy.…

    • 396 Words
    • 2 Pages
    Satisfactory Essays
  • Powerful Essays

    ISP Survey

    • 1455 Words
    • 5 Pages

    References: Cichonski, P., Millar, T., Grance, T., Scarfone, K. (2012). NIST SP 800-61: Computer Security Incident Handling Guide. National Institute of Standards and Technology. Rev. 2. Retrieved from National Institute of Standards and Technology.…

    • 1455 Words
    • 5 Pages
    Powerful Essays
  • Better Essays

    In the field of policing there are a couple different paths for an individual to choose from and they include private security and public policing. State government, city government, and towns normally provide the community with a public police force to enforce the laws and protect the citizens. Police officers are very important within a community but sometimes a private security can come in and help out and this frees up time for the public policing. Private security personnel generally work for a private company that handles their own dispatching, training and recruiting. Private security functions include loss-prevention duties or protective services that would not be handled by public policing. Private security also specializes in closed circuit monitoring services, secret level clearance, drive by patrol. Private security does not have the authority to arrest anyone either; however they can detain until law enforcement get there. Public policing officers are a function of the executive branch of government. Public officers are paid entirely from public funds that generate from grants, public sources, and revenues from taxes. Most private security organizations are paid from collecting a fee from their client. It is not uncommon for private security to go undercover like public police also, so that they can blend in the environment and be used as asset protection. The goals and training of private security and public policing are similar to each other. Private security and public policing are unique and successful in their own ways. The way that the private security and public policing organizations function and interact within each other is different; however they both function with leadership. The differences in public policing and private security would include the duties of the job. Police officers duties include responding to emergency calls, patrol public streets and monitor the…

    • 1225 Words
    • 5 Pages
    Better Essays