Chapter 1

Question 1

What are the 3 groups/communities of interest involved in information security decisions?

Answer 1

• InfoSec: protect the organizations assets from threats.
• IT: supplying and supporting IT appropriate to the business’ needs.
• General business: Communicating organizational policies and allocating resources to the other groups.

Question 2

What’s the role of management

Answer 2

to ensure that security strategies are properly planned and controlled.

Question 3

What’s Management?

Answer 3

It’s achieving objectives using the available resources.

Question 4

What’s a manager?

Answer 4

A manager is assigned to administrate resources and coordinate tasks, to achieve objectives.

Question 5

What are the 3 managerial roles?

Answer 5

• Informational role: Collecting, and processing information.
• Interpersonal role: Interacting with parties that affect the completion of the task.
• Decisional role: decision making and resolving conflicts.

Question 6

What’s the difference between leadership and management?

Answer 6

A leader leads by example to influence employees to accomplish objectives.

A manager is assigned to administrate resources and coordinate tasks, to achieve objectives.

Question 7

3 behavioral types of leaders:

Answer 7

– The Autocratic: taking no account of other people’s wishes or opinions.

– The Democratic: taking into consideration other’s wishes or opinions.

– The Laissez-faire: let others operate according to their own laws.

Question 8

2 basic approaches to management are:

Answer 8

– Traditional management theory (POSDC): Staffing/Directing.

– Popular management theory (POLC): more emphasis on leading than directing.

Question 9

3 Categories of Planning:

Answer 9

– Strategic planning: 5+ Years.

– Tactical planning: 1 - 5 Years.

– Operational planning: day-to-day operations.

Question 10

What’s “Governance”?

Answer 10

The practices of the management to achieve goals and manage risks.

Question 11

5 steps to solving problems:

Answer 11

• Step 1: Define problem.
• Step 2: Gather information.
• Step 3: Develop Possible Solutions
• Step 4: Compare Possible Solutions.
• Step 5: Choose and evaluate a solution.

Question 12

Unique functions of information security
management are known as the six P’s:

Answer 12

– Planning
– Policy
– Programs
– Protection
– People
– Project Management

Question 13

“Policy” is:

Answer 13

guidelines for behavior in an organization.

Question 14

3 general categories of policy:

Answer 14

– Enterprise information security policy (EISP)

– Issue-specific security policy (ISSP).

– System-specific policies (SysSPs)

Question 15

3 examples of the many InfoSec plans are:

Answer 15

– incident response planning.
– disaster recovery planning.
– risk management planning.