The process of implementing a performance measures program recommended by NIST involves six phases. List and describe them.
What will be an ideal response?
Phase 1: Prepare for data collection; identify, define, develop, and select information security measures.
Phase 2: Collect data and analyze results; collect, aggregate, and consolidate metric data collection and compare measurements with targets (gap analysis).
Phase 3: Identify corrective actions; develop a plan to serve as the roadmap for closing the gap identified in Phase 2. This includes determining the range of corrective actions, prioritizing corrective actions based on overall risk mitigation goals, and selecting the most appropriate corrective actions.
Phase 4: Develop the business case.
Phase 5: Obtain resources; address the budgeting cycle for acquiring resources needed to implement remediation actions identified in Phase 3.
Phase 6: Apply corrective actions; close the gap by implementing the recommended corrective actions in the security program or in the security controls.