1. What is benchmarking?
Benchmarking is creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing. Using this method, you follow the recommended or existing practices of a similar organization, or industry-developed standards.
2. What is the standard of due care? How does it relate to due diligence?
Due care applies to organizations that adopt minimum levels of security to establish a future legal defense: they may need to prove that they have done what any prudent organization would do in similar circumstances. Due diligence encompasses the requirement that the implemented standards continue to provide the required level of protection. Failure to establish and maintain standards of due care and due diligence can expose an organization to legal liability if it can be shown that the organization was negligent in its application, or lack of application, of information protection.
3. What is a recommended security practice? What is a good source for finding such recommended practices?
Security efforts that seek to provide a superior level of performance in the protection of information are called recommended business practices, or best practices. Security efforts that are performed at the best level in the industry are termed best security practices.
The federal government has a web site that allows government agencies to share their best security practices with other agencies. http://csrc.nist.gov originated with the Federal Agency Security Project (FASP) and also contains other guidelines, policies, procedures, and practices. These security policies can also be applied in the public and private sectors.
Another web site on recommended security practices is that of the Computer Emergency Response Team (CERT) at Carnegie Mellon University.
4. What is a gold standard in information security practices? Where can you find published criteria for it?
It is a model level of