
Asked: Nov 18th, 2019

Question Description

You are to answer 5 out of the 20 chapter Review Questions found on pages 246-247. Create an MS Word document, name the file Ch4_YourLastName (ex: Ch4_S) and submit in the provided area of Canvas. Remember, yes or no answers will not work; the minimum requirement for each question is 1 paragraph (at least 4 sentences). More is welcome if needed. Be sure to number the questions you are answering, for example:






Unformatted Attachment Preview

Principles of Information Security...

... strategies are defend, transfer, mitigate, accept, and avoid. The economic feasibility study determines the costs associated with protecting an asset. The formal documentation process of feasibility is called a cost benefit analysis. Benchmarking is an alternative method to the economic feasibility analysis that seeks out and studies the practices used in other organizations that produce the results desired in an organization. The goal of information security is to reduce residual risk, the amount of risk unaccounted for after the application of controls and other risk management strategies, to an acceptable level.

Review Questions

1. What is risk management? Why is the identification of risks, by listing assets and their vulnerabilities, so important to the risk management process?
2. According to Sun Tzu, what two key understandings must you achieve to be successful in battle?
3. Who is responsible for risk management in an organization? Which community of interest usually takes the lead in information security risk management?
4. In risk management strategies, why must periodic review be a part of the process?
5. Why do networking components need more examination from an information security perspective than from a systems development perspective?
6. What value does an automated asset inventory system have for the risk identification process?
7. What information attribute is often of great value for local networks that use static addressing?
8. Which is more important to the systems components classification scheme: that the asset identification list be comprehensive or mutually exclusive?
9. What's the difference between an asset's ability to generate revenue and its ability to generate profit?
10. What are vulnerabilities? How do you identify them?
11. What is competitive disadvantage? Why has it emerged as a factor?
12. What are the strategies for controlling risk as described in this chapter?
13. Describe the defend strategy. List and describe the three common methods.
14. Describe the transfer strategy. Describe how outsourcing can be used for this purpose.
15. Describe the "mitigate" strategy. What three planning approaches are discussed in the text as opportunities to mitigate risk?
16. How is an incident response plan different from a disaster recovery plan?
17. What is risk appetite? Explain why risk appetite varies from organization to organization.
18. What is a cost benefit analysis?
19. What is the definition of single loss expectancy? What is annual loss expectancy?
20. What is residual risk?

Exercises

1. If an organization has three information assets to evaluate for risk management, as shown in the accompanying data, which vulnerability should be evaluated for additional controls first? Which one should be evaluated last?

Data for Exercise 1:

• Switch L47 connects a network to the Internet. It has two vulnerabilities: it is susceptible to hardware failure at a likelihood of 0.2, and it is subject to an SNMP buffer overflow attack at a likelihood of 0.1. This switch has an impact rating of 90 and has no current controls in place. You are 75 percent certain of the assumptions and data.
• Server WebSrvá hosts a company Web site and performs e-commerce transactions. It