Management of information security 3rd edition whitman




















Management of Information Security primarily focuses on the managerial aspects of information security, such as access control models, information security governance, and information security program assessment and metrics. Coverage on the foundational and technical components of information security is included to reinforce key concepts. The third edition includes up-to-date information on changes in the field such as revised sections on national and international laws and international standards like the ISO series.

With these updates, Management of Information Security continues to offer a unique overview of information security from a management perspective while maintaining a finger on the pulse of industry changes and academic relevance.

Whitman, Michael E. Management of Information Security. Independence: Cengage Learning.

Information security can be both a process and a project because it is in fact a continuous series of projects.

Unlike ongoing operations, project management involves the short-term gathering of a group that completes the project, and whose members are then released, and perhaps assigned to other projects.

Changing only one of the project plan elements does not usually affect the accuracy and reliability of the estimates of the other two. Project team members may require special training on newly introduced technologies, and this may increase the risk of human resource turnover because personnel trained in a new, high-demand skill are more likely to leave the organization in search of better opportunities elsewhere.

In the WBS approach, a project plan is first broken down into small tasks or specific action steps. An effective project management software application is capable of eliminating the need for a project manager.

Any project manager is better served using a tool they know, rather than an overly complex one that he or she cannot use suitably. Network security encompasses strategies to protect people, tangible assets, and the workplace from various threats. The three desirable characteristics of information on which the C.

The integrity of information is threatened when it is exposed to corruption, damage, or destruction. The characteristic of information that enables a user to access it without interference or obstruction and in a useable format is confidentiality.

An information system that is able to recognize the identity of individual users is said to provide authentication. During the identification process, a control provides proof that a user possesses the identity that he or she claims.

The process of achieving objectives using a given set of resources is called management. Autocratic leaders typically seek input from all interested parties, and then formulate a position that can be supported by the majority. Democratic leaders tend to make decisions only when they are needed to avoid bringing the process to a complete halt.

Leadership generally addresses the direction and motivation of the human resource. Popular management theory categorizes the principles of management into planning, organizing, leading and controlling. The first step in solving problems is to recognize and gather facts about the problem. In reviewing behavior feasibility, you assess a candidate solution according to the likelihood that management will adopt and support a solution, rather than resisting it.

Policies are InfoSec operations that are specifically managed as separate entities. Operations are discrete sequences of activities with starting points and defined completion points. Activity definition is a process in the knowledge area of time, in project management methodology. Administrative closure is a process in the knowledge area of communications, in project management methodology.

The project plan inputs include work time, resources and project activities. During the project execution phase, the positive feedback loop or cybernetic loop ensures that progress is measured periodically. Training project team members on how to use new technologies when they are introduced decreases the risk of human resource turnover. WBS is a simple planning tool used to create a project plan.

The first step in the WBS is to identify the work to be accomplished in the task or task area; that is, the activities and constraints. One method for sequencing tasks and subtasks in a project plan is known as Web scheduling, referring to the collection of possible pathways to project completion from the beginning task to the ending task.

Among the advantages of the PERT method is that planning large projects is made easier by facilitating the identification of pre- and post- activities. Another popular project management tool is the bar or McCumber chart, named for its developer, who created this method in the early s.

Communications c. Operations b. Network d. Physical ANS: B. According to the C. Integrity c. Security b. Authorization d. Confidentiality ANS: A. Identification c. Authorization b. Authentication d. Accountability ANS: B. Autocratic c. Laissez-faire b.

Democratic d. Diplomatic ANS: A. Democratic b. Laissez-faire d. Aristocratic ANS: B. Which of the following is the first step in the problem-solving process? Analyze and compare the possible solutions b. Develop possible solutions c. Recognize and define the problem d. Select, implement and evaluate a solution ANS: C. Which of the following is NOT a step in the problem-solving process? Select, implement and evaluate a solution b. Analyze and compare possible solutions c.

Build support among management for the candidate solution d. Gather facts and make assumptions ANS: C. Which of the following Principles of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidance? Which of the following is a project not a managed process? Which of the following is NOT a benefit that organizations that make project management a priority accrue?

ANS: A. Information security project managers often follow methodologies based on what methodology promoted by the Project Management Institute? Integration c. Scope b. Quality d. Technology ANS: D. Which of the following is NOT a project plan input? Resources c. Project deliverables b. Work time d. All of these are inputs ANS: D. Scope creep c. Deliverable expansion b. Deliverable modification d. Overly restrictive management b. Excessive personnel on project c. Failure to meet project deadlines d.

Loose or ambiguous project specifications ANS: C. The management of human resources must address many complicating factors; which of the following is NOT among them? All workers operate at approximately the same level of efficiency b.


