Purchase Solution

Organization security threats and controls

Not what you're looking for?

Ask Custom Question

Question 1
Describe and differentiate between security policies, standards, and guidelines. Which of these three is more important to you and why?

Question 2
Define, describe, and provide an example for one of these terms: vulnerability, threat, and risk. How do you manage risk?

From The Art of Software Security Assessment by Dowd, McDonald and Schuh, (Google Books 2006.)
"In the context of software security, vulnerabilities are specific flaws or oversights in a piece of software that allow attackers to do something malicious, expose or alter sensitive information, disrupt or destroy a system, or take control of a computer system or program."

Question 3
Read about authentication here, http://flylib.com/books/en/4.283.1.12/1/. Three types of authentication are: 1) something you know, 2) something you have, and 3) something you are. Define authentication and provide an example. Which type(s) of authentication do you prefer? Explain why. What are the relationships between information security principle(s) (confidentiality, integrity, and availability) and authentication?

Question 4
Read the chapter on Public Key Infrastructure (PKI) here, http://flylib.com/books/en/3.41.1.110/1/. Discuss one of the following:
Explain how public key infrastructure work. Provide an example of how to obtain a server certificate.

Purchase this Solution
Solution Summary

Organization security threats and controls are examined.

Solution Preview

Describe and differentiate between security policies, standards, and guidelines. Which of these three is more important to you and why?

In reference to security policies, these are predicated upon the creation the statements that are issued by higher administration officials that outline how information will be protected throughout the organization. Therefore, it's imperative for the policy to clearly and concisely define how the organization will appropriate roles throughout the organization in regard to security clearances and those who are given the responsibility to access and protect vital information that is pertinent to business operations. The organization must ensure that their policy is capable of providing a description of organizational controls that will be put in place for protecting the company's vital information.

In regard to standards, these are specific mandatory controls that occur on the lower level of organizational management but assist the organization in the enforcement of its information security policy while facilitating the ability of the organization to maintain security consistency throughout the entire organization. Standards consist of technological, hardware, and software standards that are predicated upon specific guidelines that outline the recommended use of these computer security controls to protect the business.

The use of guidelines represent recommendations for how the organization should practice certain functions that are used to provide security for the information technology throughout the organization. They support the standards that have been set by the organization and assist in filling any security gaps that may ...

Solution provided by:
Stephen Washington, MS
Education
  • BS, Sam Houston State University, 1903 University Avenue, Huntsville, Tx 77340
  • MS, Prairie View A&M University
Recent Feedback
  • "awesome"
  • "awesome"
  • "Awesome appreciate the assistance."
  • "Thanks awesome. more to follow"
  • "awesome, Thanks for the assistance"
Purchase this Solution
Free BrainMass Quizzes
Organizational Leadership Quiz

This quiz prepares a person to do well when it comes to studying organizational leadership in their studies.

Team Development Strategies

This quiz will assess your knowledge of team-building processes, learning styles, and leadership methods. Team development is essential to creating and maintaining high performing teams.

Introduction to Finance

This quiz test introductory finance topics.

Academic Reading and Writing: Critical Thinking

Importance of Critical Thinking

Writing Business Plans

This quiz will test your understanding of how to write good business plans, the usual components of a good plan, purposes, terms, and writing style tips.

View More Free Quizzes
Related BrainMass Solutions

  • information assets

    326478 Explain how controls and security are related for information assets Explain how controls and security are related for information assets.

  • Security Threats to Organizations

    Organizations face many different types of threats. This is one of the reasons why internal controls are used throughout different areas of the organization, and we then often add police and security assistance to the internal controls.

  • information security

    The article starts with a set of data that highlights the importance of formal certification or standardized controls in an organization and how such formal certification have reduced the security related threats.

  • Information Security

    the organization.

  • Risk Identification, Assessment and Strategies in Security

    Technical Security Controls: These controls can be configured to protect against given types of threats. All measures of these controls ensure protection of critical and sensitive information and IT system functions.

  • Information Security

    Disaster Recovery Planning (DRP) and Business Continuity Management (BCM): A holistic management process that identifies potential threats to an organization and the impact those threats may have on business operations.

  • Risk Management Threats

    - Identify any additional controls needed. Remember that there are technical, administrative, and managerial controls. - Describe the network security methodology and technology used in your organization.

  • Business Continuity

    Write a report of no more than 700 words, outlining the components of an effective review of security and controls over IT. Distinguish between vulnerabilities and threats. Provide examples that illustrate these distinctions.

  • Information Security and Ethics: Protection Policies and Procedures

    Next all the software that is used for the organization will be tested periodically and scanned for vulnerability and threats.

View More Related Solutions