Lab 1 How to Identify Threats and Vulnerabilities in an It Infrastructure
John Moura
Chapter 2: Planning for Security
Review Questions
1. Describe the essential parts of planning. How does the existence of resource constraints affect the need for planning?
Answer: Organizational planning, described below, and Contingency planning, which focuses on planning or unforeseen events. Organizations must be able to forecast their needs relative to available resources as best they can to insure best decision making.
2. What are the three common layers of planning? How do they differ?
Answer: Strategic – lays out long term goals, Tactical – more short term focus, Operational – daily and on-going operation goals
3. Who are the stakeholders? Why is it important to consider their views when planning?
Answer: Stakeholders are individuals, groups of individuals, or organization that have a ‘stake’ or are affected by organizational decisions. When planning, an organization must take into consideration all stakeholders in order to evaluate planning decisions properly and resourcefully.
4. What is a mission statement? Why is it important? What does it contain?
Answer: Mission statement – explicitly explains what the organizations business is and its intended areas of operations.
5. What is a vision statement? Why is it important? What does it contain?
Answer: Vision statement – expresses what the organization wants to be
6. What is a values statement? Why is it important? What does it contain?
Answer: Values statement – established formal set of organizational principles and qualities of then the organization.
7. What is strategy?
Answer: The process of moving an organization towards its vision by accomplishing its mission.
8. Describe top-down strategic planning. How does it differ from bottom-up strategic planning? Which is usually more effective in implementing security in a large, diverse organization?
Chapter 2: Planning for Security
Review Questions
1. Describe the essential parts of planning. How does the existence of resource constraints affect the need for planning?
Answer: Organizational planning, described below, and Contingency planning, which focuses on planning or unforeseen events. Organizations must be able to forecast their needs relative to available resources as best they can to insure best decision making.
2. What are the three common layers of planning? How do they differ?
Answer: Strategic – lays out long term goals, Tactical – more short term focus, Operational – daily and on-going operation goals
3. Who are the stakeholders? Why is it important to consider their views when planning?
Answer: Stakeholders are individuals, groups of individuals, or organization that have a ‘stake’ or are affected by organizational decisions. When planning, an organization must take into consideration all stakeholders in order to evaluate planning decisions properly and resourcefully.
4. What is a mission statement? Why is it important? What does it contain?
Answer: Mission statement – explicitly explains what the organizations business is and its intended areas of operations.
5. What is a vision statement? Why is it important? What does it contain?
Answer: Vision statement – expresses what the organization wants to be
6. What is a values statement? Why is it important? What does it contain?
Answer: Values statement – established formal set of organizational principles and qualities of then the organization.
7. What is strategy?
Answer: The process of moving an organization towards its vision by accomplishing its mission.
8. Describe top-down strategic planning. How does it differ from bottom-up strategic planning? Which is usually more effective in implementing security in a large, diverse organization?