Week 2B

Question 1

Main steps Enterprise Information Security

Answer 1

1. Criticality of business activities
2. Operational conditions
3. Risk analysis
4. Enterprise security requirements
5. Security architecture
6. Gap and risk analysis
7. Management of remaining risks

Question 2

Types of Security Assets

Answer 2

1. Data-related
2. Operation-related
3. Person-related
4. Control-related

Question 3

Criticality Classification of Business Functions

Answer 3

1. Critical functions
2. Essential functions
3. Necessary functions
4. Desirable functions

Question 4

Examples of operating conditions

Answer 4

• Protect against cash register operating errors
• Protect purchases of customer
• Protect personal information of employees and customers
• Protect integrity of registration of the inventory
• Protect integrity of payments
• Payment chain must be available

Question 5

Enterprise security requirements - Classification Aspects

Answer 5

Confidentiality, Integrity, Availability, Auditability, Nonrepudiation

Question 6

Security architecture - classification of security measures

Answer 6

Prediction
Prevention
Response
Detect

Question 7

Four types of security measures

Answer 7

Process/Procedural
Screening/Awareness
Physical
Information Technology