Submitted by: KDCurry21
Date Submitted: 02/10/2016 02:42 PM
KaDarius Curry
CIST 1601
2/3/16
Chapter 4 Review Questions
2. Where can a security administrator find information on established security
frameworks? A security administrator can look to Information Technology: Code of Practice
for Information Security Management (ISO 17799/BS 7799), the NIST security models, including
SP 800-12, 800-14, 800-18, 800-26, and 800-30, and the VISA International Security Model. These
are a few of the available sources of established security frameworks.
4. What are the inherent problems with ISO 17799, and why hasn't the United States adopted it?
What are the recommended alternatives? ISO/IEC 17799 lacks the "necessary measurement
precision of a technical standard." ISO/IEC 17799 is also known to have been prepared quickly, given
the large impact its adoption could have on industry information security controls. The
recommended alternative is the set of documents available from the Computer Security
Resource Center of the National Institute of Standards and Technology.
6. What benefit can a private, for-profit agency derive from best practices designed for federal
agencies? The Federal Agency Security Practices (FASP) collection is a popular place to look up best practices.
It is designed to provide best practices for public agencies, but those practices can be adapted
easily to private institutions. A private organization can take advantage of best practices designed
for federal agencies by adapting many of the same methodologies and practices within its own
organization.
8. Briefly describe management, operational, and technical controls, and explain when each
would be applied as part of a security framework.
Management controls are security processes that are designed by strategic planners and
implemented by the security administration of the organization. These controls address risk
management and security control reviews, describe the necessity and scope of legal compliance, ...