Define the designated stakeholder authorizes

Reference no: EM131722641

Please answer these questions as fully as possible

1. In terms of focus, what is the difference between the selection of the controls for information assurance and the deployment of the actual response? Why should these be considered different aspects?

The selection of controls for information assurance focuses on information identification and risk identification and analysis

The deployment of the actual response focuses on establishing a sustainable security infrastructure

Specific understanding of the assets and associated risks is a pre-condition to establishing a relevant response

2. What is the role of the change control process and why might it be the single most important success factor?

The change control process has to do with establishing accountability for change. This might be the single most important success factor because there has to be an organizational process to rationally manage the natural evolution, or control of the asset base will quickly move out of the grip of the organization.

3. Why is it necessary to conduct operational risk assessment on an ongoing basis? How are the outcomes of this process used?

It is necessary to conduct risk assessments on an ongoing basis to identify threats and ensure the long-term survival of the information asset base

The outcomes of this process are used to develop and put into place the appropriate countermeasures to prevent the threats from happening or contain them if they do

4. What are the business issues and constraints involved in control selection? Why are these critical determinants of the ongoing effectiveness of the security system and how can they be affected by change?

The Business Issues and Constraints involved in control selection are:
- Information assets are always evolving
- Items are continuously added to baselines and the form and content of the individual element changes as the business model evolves
- Control structure changes in accordance with alterations in policy

These are critical determinants of the ongoing effectiveness of the security system because there has to be an organizational process to rationally manage the natural evolution, or control of the asset base will quickly move out of the grip of the organization.

5. Why is it necessary to maintain a classic change management process for the information asset baseline? What is the role of the information baseline accounting ledger in this process and why is it important?

Baselines are dynamic because information is a constantly changing resource
Therefore, all baselines are evolved over time, as the form of the asset changes
The ledger is utilized by the change control function to perform the impact analysis prior to the change authorization
The point of the prior two functions is to establish and maintain a correct and continuously evolving picture of the form and content of the information base

6. What is the point of the impact analysis? Discuss ways that the impact analysis can feed into the formulation decisions about the control baseline.

7. Why is it necessary to value controls to implement security? What does the organization lose by not doing this (for example, what would be the situation if this were not done)?

8. What is the role of threat assessment in the overall control formulation process? Why is threat assessment a primary success factor for operational implementation?

9. What is the purpose of a beta test of operational security control? What does this provide in terms of ongoing value to the security scheme?

10. Why is it necessary to follow the steps in the process? What is the likely consequence of jumping ahead a few steps to bring things to a faster conclusion?

Fill In the Blanks - Complete each statement by writing one of the terms from this list in each blank.

1. Testing to refine the control set in its operational environment is called Asset Evaluation

2. Each information item is identified by a unique and appropriate label.

3. Essentially, 6 types of baselines are involved in asset management.

4. The baseline that provides the specific assurance function is called the component.

5. The goal of authorization is to ensure that the designated stakeholder authorizes all changes to information and control sets.

Multiple Choice

1. Information management: B. Implements policy
A. Is irrelevant to security B. Implements policy C. Involves AT&E D. Is unnecessary

2. Baselines: C. Are hierarchical
A. Are abstract B. Are intangible C. Are hierarchical D. Must be programmed

3. The process of formulating the control set should be based on: C. Iteration
A. Best guess B. Confidence C. Iteration D. A sense of humor

4. To do its work properly, the status accounting function relies on the use of: C. Controls
A. Code reviews B. Repositories C. Controls D. Verifications

5. Information asset management is always based on: A. Plan
A. A plan B. An analysis C. Best guess D. Best practice

Limited Response Questions - In your own words, briefly answer the following:

1. Why is it important to control changes to asset baselines?
Change control is a continuous process. It assures that the documentation of the items that exist within the baseline is accurate and that their precise status is known at all times. Its aim is to manage the natural evolution of an entity in such a way that it preserves its overall integrity

2. Why is the labeling process approached hierarchically?
The actual asset base typically contains multiple representations (versions). Once the high-level understanding is achieved, a second pass is required to detail each of the large components. The labeling employed to characterize the relationship of each individual component to all other components is based on and reflects the hierarchical structure. The labeling must always correlate to the element's location in the hierarchy of the identification scheme

3. Differentiate asset baselines from control baselines.
An asset baseline identifies and records the content and interrelationships of the information items (elements) considered valuable.
A control baseline identifies and documents the countermeasures established to mitigate threats to each individual information element.

4. How do the asset management procedures relate to overall security policy?
Asset management assures that the documentation is accurate and that all security policies are correctly implemented

5. Why is organizational buy-in so important to good asset management?
It is important to keep the baseline properly aligned with the evolution of the operating infrastructure of the organization. Therefore, effectiveness implies a commitment to continuous monitoring, adjustment, and updating of the baseline. This process should entail solicitation of continual and regular feedback from the operational environment. The feedback is important because, in addition to providing guidance, a well-executed feedback system generates a high degree of organizational buy-in (universal acceptance) which assures disciplined performance (implementation) of the security work

Case Exercise for Asset Identification

Refer to the Heavy Metal Technology Case in Appendix (A) of your book. You have been assigned the baseline management responsibility for the project to upgrade the target acquisition and display (TADS) for the AH64-D Apache Longbow attack helicopter. To start the process, you know you must first inventory and array a complete and coherent baseline of high-level documentation items. Using the project materials outlined in the case (and others you want to add because you feel they are appropriate), perform the following tasks:

1. Identify all distinct types of documentation.

2. Relate these documentation items to each other. If there are implicit parent-child relationships, what are they?

3. Provide unique labels for each item that reflect their relationship to each other and through which another reader could easily see that relationship.

4. Formulate these items into a coherent baseline.

5. Define a change control system to ensure that the integrity of each of these items will be preserved over time.

6. Justify the effectiveness of that control scheme.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd