Briefly describe any three standard categories of information assets and their respective risk management components.
What will be an ideal response?
- The people asset is divided into internal personnel (employees) and external personnel(nonemployees). Insiders are further divided into those employees who hold trusted rolesand therefore have correspondingly greater authority and accountability and those regularstaff members who do not have any special privileges. Outsiders consist of other users whohave access to the organization's information assets, some trusted and some untrusted.- Procedures are assets because they are used to create value for the organization. Theyare divided into (1) IT and business standard procedures and (2) IT and business-sensitiveprocedures.- The data asset includes information in all states: transmission, processing, and storage.This is an expanded use of the term "data," which is usually associated with databases,not the full range of information used by modern organizations.- Software is divided into applications, operating systems, and security components. Softwarethat provides security controls may fall into the operating systems or applicationscategory, but is differentiated by the fact that it is part of the InfoSec control environmentand must therefore be protected more thoroughly than other systems components.- Hardware is divided into (1) the usual systems devices and their peripherals and (2) thedevices that are part of InfoSec control systems. The latter must be protected morethoroughly than the former.- Networking components include networking devices (such as firewalls, routers, andswitches) and the systems software within them, which is often the focal point of attacks. Successful attacks can continue against systems connected to the networks.
You might also like to view...
Which of the following statements is false?
a. Scanner method next reads characters until any white-space character is encountered, then returns the characters as a String. b. To call a method of an object, follow the object name with a comma, the method name and a set of parentheses containing the method’s arguments. c. A class instance creation expression begins with keyword new and creates a new object. d. A constructor is similar to a method but is called implicitly by the new operator to initialize an object’s instance variables at the time the object is created.
Why should a threads package be interested in the events of a thread’s becoming blocked or unblocked? Why should it be interested in the event of a virtual processor’s impending preemption? (Hint: other virtual processors may continue to be allocated.)
What will be an ideal response?
Animation that moves an object or text off the screen
A) Exit effect B) Emphasis effect C) Entrance effect
What is the length of time an IP address is assigned to a switchport called?
A) Enable time B) Access time C) Delay time D) Aging time