Chapter 1 – Introduction to the Management of Information Security
1. A globally interconnected commercial world has emerged from the technical advances that created the Internet. Has its creation increased or decreased the need for organizations to maintain secure operation of their systems? Why?
Answer: As Internet use continues to rise, the number of “malicious entities” is also rising. As “malicious entities” grow and become more numerous, the probability that an organization could receive a threat increases.
2. Which trend in IT has eliminated the “we have technology people to handle technology problems” approach as a method for securing systems?
Answer: NSTISSC Security Model
11. Define the InfoSec processes of identification, authentication, authorization, and accountability.
Answer: Identification - An information system possesses the characteristic of identification when it is able to recognize individual users, which is essential to establishing the level of access or authorization that an individual is granted.
Authentication - occurs when a control provides proof that a user possesses the identity that he or she claims.
Authorization - provides assurance that the user (whether a person or a computer) has been specifically and explicitly authorized by the proper authority to access, update, or delete the contents of an information asset.
12. What is management and what is a manager? What roles do managers play as they execute their responsibilities?
Answer: Management – “a process of achieving objectives using a given set of resources.” Manager – “member of the organization assigned to marshal and administer resources, coordinate the completion of tasks, and handle the many roles necessary to complete the desired objectives.” Managers play informational roles,