Reference no: EM133459503
Questions:
How do the InfoSec management team's goals and objectives differ from those of the IT and general management communities?
What is included in the InfoSec planning model?
List and briefly describe the general categories of information security policy.
Briefly describe strategic planning.
List and briefly describe the levels of planning.
What is governance in the context of information security management?
What are the differences between a policy, a standard, and a practice?
Where would each be used?
What is an EISP, and what purpose does it serve?
Who is ultimately responsible for managing a technology?
Who is responsible for enforcing policy that affects the use of a technology?
What is needed for an information security policy to remain viable?
How can a security framework assist in the design and implementation of a security infrastructure?
What is information security governance?
Who in the organization should plan for it?
Where can a security administrator find information on established security frameworks?
What is the ISO 27000 series of standards?
Which individual standards make up the series?
What documents are available from the NIST Computer Security Resource Center (CSRC), and how can they support the development of a security framework?
What Web resources can aid an organization in developing best practices as part of a security framework?
Briefly describe management, operational, and technical controls, and explain when each would be applied as part of a security framework.
What is defense in depth?
Define and briefly explain the SETA program and what it is used for.
What is the purpose of the SETA program?
What is security training?
What is a security awareness program?