Chapter 5 - Principles of Information Security

Category: Science and Technology

Date Submitted: 03/23/2015 08:41 PM

ITS Chapter 5

Review Questions

1. How can a security framework assist in the design and implementation of a security infrastructure?

Answer: A security framework is the overall plan for information security measures. It is a general outline that can easily be altered to fit an organization's security needs. Elements that can protect the infrastructure should be included, such as a security perimeter, which protects the internal systems from external attacks.

What is information security governance?

Answer: Information security governance is the direction, accomplishment of goals, risk management, and responsible resource usage for the information security function.

Who in the organization should plan for it?

Answer: The organization's management team is responsible for information security governance.

2. Where can a security administrator find information on established security frameworks?

Answer:

The security administrator can find information from government sources or other organizations.

3. What is the ISO 27000 series of standards? Which individual standards make up the series?

Answer:

The ISO 27000 series is a set of security models adopted as a standard international framework for information security. The Plan-Do-Check-Act cycle is the set of standards that makes up the ISO/IEC series.

4. What are the inherent problems with ISO 17799, and why hasn’t the United States adopted it? What are the recommended alternatives?

Answer:

Some of the problems with ISO 17799 that a few countries pointed out were that there was no justification for a code of practice, that the technical standards were not precise enough, that it was not as outstanding or complete as other frameworks, and that it was hurriedly prepared for such an important framework. The alternative is to use the ISO/IEC framework series as an assessment tool, and not as a security framework. Another alternative is to use other security frameworks such as the NIST security framework which has been widely reviewed by...