Organization security threats and controls

Question 1
Describe and differentiate between security policies, standards, and guidelines. Which of these three is more important to you and why?

Question 2
Define, describe, and provide an example for one of these terms: vulnerability, threat, and risk. How do you manage risk?

From The Art of Software Security Assessment by Dowd, McDonald and Schuh (Google Books, 2006):
"In the context of software security, vulnerabilities are specific flaws or oversights in a piece of software that allow attackers to do something malicious, expose or alter sensitive information, disrupt or destroy a system, or take control of a computer system or program."

Question 3
Read about authentication here. Three types of authentication are: 1) something you know, 2) something you have, and 3) something you are. Define authentication and provide an example. Which type(s) of authentication do you prefer? Explain why. What are the relationships between the information security principles (confidentiality, integrity, and availability) and authentication?

Question 4
Read the chapter on Public Key Infrastructure (PKI) here. Discuss one of the following:
Explain how public key infrastructure works. Provide an example of how to obtain a server certificate.

Solution Preview

Describe and differentiate between security policies, standards, and guidelines. Which of these three is more important to you and why?

In reference to security policies, these are predicated upon the creation of the statements that are issued by higher administration officials that outline how information will be protected throughout the organization. Therefore, it's imperative for the policy to clearly and concisely define how the organization will appropriate roles throughout the organization in regard to security clearances and those who are given the responsibility to access and protect vital information that is pertinent to business operations. The organization must ensure that its policy is capable of providing a description of the organizational controls that will be put in place for protecting the company's vital information.

In regard to standards, these are specific mandatory controls that occur on the lower level of organizational management but assist the organization in the enforcement of its information security policy while facilitating the ability of the organization to maintain security consistency throughout the entire organization. Standards consist of technological, hardware, and software standards that are predicated upon specific guidelines that outline the recommended use of these computer security controls to protect the business.

The use of guidelines represents recommendations for how the organization should practice certain functions that are used to provide security for the information technology throughout the organization. They support the standards that have been set by the organization and assist in filling any security gaps that may ...

Solution Summary

Organization security threats and controls are examined.