Introduction to Information Security: Review Questions

11. Why is the top-down approach to information security superior to the bottom-up approach?

The top-down approach is considered superior as it is initiated by upper-level managers. This has significance since acceptance by senior management is considered key and vital to the success of an information security program implementation.

12. Why is a methodology important in the implementation of information security? How does a methodology improve the process?

A methodology is a set of steps that has been defined in order to complete a project. By following an implementation methodology you help assure that all the necessary steps are followed. This helps improve the chances of a successful outcome.

13. Which members of an organization are involved in the security system development life cycle? Who leads the process?

The SecSDLC information security project team consists of the following roles: Champion, Team leader, Security policy developers, Risk assessment specialists, Security professionals, System administrators, and End users. The team leader usually leads the process.

14. How can the practice of information security be described as both an art and a science? How does security as a social science influence its practice?

Since Information Security is highly complex there is no universally accepted complete solution, therefore applying security components is similar to the way an artist would apply paint onto a canvas. A bit here and a bit there until the picture as a whole is revealed to the viewer. However, from a scientific standpoint, all the systems were developed by computer scientists and engineers. Most information security weaknesses can be traced to a specific issue in a piece of hardware or software.

Social science perspective takes into account how various individuals interact with the computer systems. Security can be improved by understanding how user interactions and providing proper...