IAS - APPROACHES TO INFORMATION . .

Question 1

A method of establishing security policies and/or practices that begins as a grassroots in system administrator attempt to improve the security of their systems.

Employee Input
Company Wide Collaboration
Tasks Completed and Sent to higher ups

Answer 1

BOTTOM-UP APPROACH

Question 2

A methodology of establishing security policies and/or practices that is initiated by upper management.

Jobs are Altered and Completed Based on Higher Authority
Employees receive specific tasks
Tasks Delegated by Upper management

Answer 2

TOP-DOWN APPROACH

Question 3

SECURITY IN THE SYSTEMS DEVELOPMENT LIFE CYCLE

an SDLC is a methodology for the design and implementation of an information system.

Using a methodology ensures a rigorous process with clearly defined goal and increases the probability of success.

Answer 3

SYSTEM DEVELOPMENT LIFE CYCLE

Question 4

A type of SDLC in which each phrase of the process “flows from” the information gained in the previous phase, with multiple opportunities to return to previous phase, . .

Answer 4

Waterfall Model

Question 5

Waterfall Methodology Phases
(I, A, L , P , I ,M)

Answer 5

• Investigation
• Analysis
• Logical Design
• Physical Design
• Implementation
• Maintenance and Change

Question 6

Begins by examining the event or plan that initiates the process

During this phase, the objectives constraints, . . .

Answer 6

INVESTIGATION

Question 7

This phase consists primarily of assessment of the organization, its current systems, and its capability to support the proposed systems

Answer 7

ANALYSIS

Question 8

Begin in creating a streams solution for a business problem. In any system solution, the driving factor must be the business need.

Answer 8

LOGICAL DESIGN

Question 9

Specific technologies are selected to support the alternatives identified and evaluated in the logical design.

Answer 9

PHYSICAL DESIGN

Question 9

**Any needed software is created.
**
Components are ordered, received and tested/ afterwards.

Answer 9

IMPLEMENTATION

Question 10

Longest and most expensive of the process.

This phase consists of the task necessary to support and modify the system for the remainder of its useful life cycle.

Answer 10

MAINTENANCE AND CHANGE

Question 11

SECURITY PROFESSIONALS AND THE ORGANIZATION

An executive-level position that oversees the organizations computing technology and strives to create efficiency in the processing

SENIOR MANAGEMENT

Answer 11

Chief Information Officer (CIO)

Question 12

Top information security officer in an organization.

SENIOR MANAGEMENT

Answer 12

Chief Information Security Officer (CISO)

Question 13

INFORMATION SECURITY PROJECT TEAM

Promotes the project and ensure its support.

Answer 13

Champion

Question 14

Understand project management, personnel management, and information security technical requirements.

Answer 14

Team Leader

Question 15

Understand the organization culture, existing policies, and requirements for developing and implementing successful policies.

Answer 15

Security Policy Developers

Question 16

Understand financial risk assessment techniques

Answer 16

Risk Assessment Specialist

Question 17

DATA OWNERSHIP

Control and responsible for the security and use of a particular set of information.

Answer 17

Data Owners

Question 17

Responsible for storage maintenance and protection of information.

Answer 17

Data Custodians

Question 18

Internal and external stakeholder who interact with information in support of their organizing planning and organization.

Answer 18

Data Users