Nyzhfnyynz2
Asked: Nov 18th, 2019

Question Description

You are to answer 5 out of the 20 chapter Review Questions found on pages 246-247. Create an MS Word document, name the file Ch4_YourLastName (ex: Ch4_S) and submit in the provided area of Canvas. Remember, yes or no answers will not work; the minimum requirement for each question is 1 paragraph (at least 4 sentences). More is welcome if needed. Be sure to number the questions you are answering, for example:

5.

8.

10.

15.

18.

Unformatted Attachment Preview

Principles of Information Security...

[...]egies are defend, transfer, mitigate, accept, and avoid. The economic feasibility study determines the costs associated with protecting an asset. The formal documentation process of feasibility is called a cost benefit analysis. Benchmarking is an alternative method to the economic feasibility analysis that seeks out and studies the practices used in other organizations that produce the results desired in an organization. The goal of information security is to reduce residual risk, the amount of risk unaccounted for after the application of controls and other risk management strategies, to an acceptable level.

Review Questions

1. What is risk management? Why is the identification of risks, by listing assets and their vulnerabilities, so important to the risk management process?
2. According to Sun Tzu, what two key understandings must you achieve to be successful in battle?
3. Who is responsible for risk management in an organization? Which community of interest usually takes the lead in information security risk management?
4. In risk management strategies, why must periodic review be a part of the process?
5. Why do networking components need more examination from an information security perspective than from a systems development perspective?
6. What value does an automated asset inventory system have for the risk identification process?
7. What information attribute is often of great value for local networks that use static addressing?
8. Which is more important to the systems components classification scheme: that the asset identification list be comprehensive or mutually exclusive?
9. What's the difference between an asset's ability to generate revenue and its ability to generate profit?
10. What are vulnerabilities? How do you identify them?
11. What is competitive disadvantage? Why has it emerged as a factor?
12. What are the strategies for controlling risk as described in this chapter?
13. Describe the defend strategy. List and describe the three common methods.
14. Describe the transfer strategy. Describe how outsourcing can be used for this purpose.
15. Describe the "mitigate" strategy. What three planning approaches are discussed in the text as opportunities to mitigate risk?
16. How is an incident response plan different from a disaster recovery plan?
17. What is risk appetite? Explain why risk appetite varies from organization to organization.
18. What is a cost benefit analysis?
19. What is the definition of single loss expectancy? What is annual loss expectancy?
20. What is residual risk?

Exercises

1. If an organization has three information assets to evaluate for risk management, as shown in the accompanying data, which vulnerability should be evaluated for additional controls first? Which one should be evaluated last?

Data for Exercise 1:

• Switch L47 connects a network to the Internet. It has two vulnerabilities: it is susceptible to hardware failure at a likelihood of 0.2, and it is subject to an SNMP buffer overflow attack at a likelihood of 0.1. This switch has an impact rating of 90 and has no current controls in place. You are 75 percent certain of the assumptions and data.
• Server WebSrvá hosts a company Web site and performs e-commerce transactions. It