Module 5: L1 Flashcards
What are some processes an organization needs to have specific information security plans for (5x)?
- Document preparation and review
- Online transactions
- Inventory control
- Content management
- Remote access to databases
Strategy adjustments have security implications. What are the 3x listed?
- Systems may change when an intranet is set up
- New roles of staff may change access to info
- Decentralized use of computers and smart phones
Security must be considered within certain organizational processes like work vs. personal use. What are some of the other considerations mentioned (4x)?
- Information disclosure rules
- Physical security measures
- Breach responses and reporting
- Prevention of malicious software
There are some other ISO norm dimensions mentioned in the lectures, such as user access management. What are some others (5x listed)?
- Management of mobile computing
- Management of internet access
- Software development implications
- Encryption requirements
- Contingency planning
Top management has a central role when implementing IS. What are 3x ways in which they develop organization security objectives?
- Clarity in policies & procedures: reduce uncertainty in daily activity
- Maximize regulatory compliance: set fundamental framework
- Responsibility & accountability: transparency and ownership
What are some vehicles for meeting the strategic security objectives?
- Group cohesiveness: group behavior shapes individual response
- Management commitment: reward commitment and compliance
- Training and education: improvement requires learning
- Ethical and moral values: aspirational environment
Implementing means requires a combination of “_______ _______” and “_______ _______”
top down and bottom up
T/F: Information security represents another area of uncertainty. It must be held separate from strategic goals.
False.
IS is integral to strategic goals. It should not be considered an “add on”.
Strategic objectives for IS are _________
multidimensional