PRINCIPLES OF INFORMATION SECURITY EXAM QUESTIONS AND ANSWERS
WELL ILLUSTRATED.
1. What member of an organization should decide where the information security
functions belong within the organizational structure? Why? answer >> Not sure
2. List and describe the options for placing the information security function
within the organization. Discuss the advantages and disadvantages of each option
answer >> > IT
> Physical security
> Admin services
> Insurance and risk mgmt.
> The legal dept.
Advantages/disadvantages?
3. For each major information security job title covered in the chapter,
list and describe the key qualifications and requirements for the position. answer
>> See next few cards
CISO answer >> Qualifications:
- Bachelor's degree
- Sometimes grad degree
- Communication, interpersonal, management skills
Reqs:
- Manages the overall InfoSec program
- Drafts/approves InfoSec policies
- Works w/ CIO on strategic, develops tactical, works w/ sec mgrs. on operational
- Develops InfoSec budgets
- Sets priorities for purchase/implementation of InfoSec projects/tech
- Makes decisions/recommendations for recruiting/hiring/firing
- Acts as InfoSec team spokesperson
CSO answer >> Qualifications:
- CISO's position may be combined with physical security responsibilities
- Demonstrated experience as a security mgr. w/ planning, policy, and budgets
Reqs:
- Familiar with InfoSec reqs and the "guards, gates, guns" approach
Security Manager answer >> Qualifications:
- Bachelor's in tech, bus, or sec-related
- CISSP certification
- often have accreditation
- ability to draft middle- and lower-level policies, standards, and guidelines
- budgeting, project management, and hiring and firing
- ability to manage technicians