R2: The hunter’s dilemma is when you and a few others are being chased by an angry bear through the wilderness, but you don’t have to defeat the bear. You just have to be harder to catch than the others. So, what this dilemma …
The first step is to establish system and security goals, which identifies the system’s goals, security risks, and requirements. This step performs a risk assessment and uses it to produce a list of security requirements. The second step is to select security controls: recognize the existing controls and the additional ones required, and construct the system containing the controls. The third step is to validate the information system: confirm that the controls work as required, approve the system for operation, and deploy it. Finally, the fourth step is to monitor security controls: watch for security incidents and address them, and review the environment for any changes that affect security.
R6: The risk management frameworks are comparable to continuous quality improvement because both are ingredients for creating and preserving secure systems. The continuous improvement process is equivalent to the frameworks in that it suggests an adjustment, which keeps the result from becoming a poor one. Once we have made the change to secure the machine, we must resume the process to manage any …
The requirements give businesses what they want in order to uphold their security. The controls in the security process are measures taken in advance to defend a computer system against any encounter with threats or risks.
R8: The relationship between assets and boundaries in a business is that the assets are secured by the boundaries. When these boundaries have open spots that leave assets exposed, those spots are called vulnerabilities. Threat agents will therefore try to use their attacks to reveal those assets and expose the sensitive information they are looking for. If we don’t want this to happen to our business, we need some sort of defense, such as a countermeasure, to protect our assets.
R9: Some typical information assets include personal computer systems and the login information for those systems. Another would be bank accounts and the credentials for those accounts. Moreover, financial documents and the website that controls the