Foundation Information Security Chap 6 Review Questions

Date Submitted: 08/03/2014 08:45 PM

Review Questions

1. How can a security framework assist in the design and implementation of a security infrastructure? What is information security governance? Who in the organization should plan for it?

Designing a working plan for securing the organization's information assets begins by creating, or validating an existing, security blueprint for the implementation of the security controls needed to protect those assets. A framework is the outline from which the more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. It should provide scalable, upgradeable, and comprehensive security for the coming years, and it is used to plan the tasks to be accomplished and the order in which to proceed.

Governance is “the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.”

Planning for information security governance must be done at the highest levels of the organization's management team (the board and executive management) if the program is to be effective and sustainable.

2. Where can a security administrator find information on established security frameworks?

ISO 17799/BS 7799, the Code of Practice for Information Security Management; the NIST security models, including SP 800-12, 800-14, 800-18, 800-26, and 800-30; and the VISA International Security Model are just a few of the established security frameworks available. Note that ISO 17799 has since been renumbered ISO/IEC 27002, and some of the listed NIST publications (SP 800-14 and SP 800-26 among them) have since been withdrawn, so the current editions should be checked at csrc.nist.gov before being used as a reference.

3. What is the ISO 27000 series of standards? Which individual standards make up the series?

ISO 27000 Series

Standard | Pub Date | Title or Topic | Comment
27000 | 2009 | Series Overview and Terminology | Defines terminology and vocabulary for the standard series
27001 | 2005 | Information Security Management System Specification... |