Unit 4 Assignment
Qsn1.
Answer B-Data at rest
Data at rest is defined as data that is stored, excluding data traversing a network or temporarily stored in computer memory. Data at rest is in most cases not subject to change. Examples of data at rest include data stored on a hard drive or other forms of data on external backup media. Data at rest must be protected against any attack, such as web application attacks (Gregory, 2018).
Qsn2.
Answer D-Data in transit
Data in transit is defined as data that is actively in motion from one location to another. This may be across the internet or a private network. It is important to ensure data in transit is highly protected against any malicious activity that can corrupt it (Gregory, 2018). When data is in transit, it is less safe and can easily be corrupted. Encryption is vital in protecting data in transit to prevent people from being in a position to read it. Data must remain encrypted until it reaches the desired recipient.
Qsn3.
Answer B-Tailoring
Tailoring is a method used to modify the security controls within a baseline with the aim of aligning them with the organizational mission. Some of the security controls used in an organization may not be the same in a different department within the organization (Ahrens and Sankar, 1993).
Qsn4.
Answer A-Tailoring
Tailoring plays a critical role in most organizations, as it allows them to select the best security control measures in line with their organizational goals. In most cases, many organizations are faced with the serious challenge of selecting the best data storage techniques (Ahrens and Sankar, 1993). Therefore, tailoring ensures each system works only for its intended purpose in the organization.
Qsn5.
Answer A-NIACAP
The National Information Assurance Certification and Accreditation Process was formerly “a minimum standard process required for certification and accreditation of computers and telecommunication system handled by the United States national security information” (Barrett, 2018). It is mainly designed for certifying that a given IT system meets the documented security system. NIACAP pays significant attention to creating a national standard for the process, activities, tasks, and management system of accreditation and certification.
Qsn6.
Answer D-Framework for Improving Critical Infrastructure Cybersecurity
Following the presidential order, a framework was established that focused on the promotion of United States innovation and industrial competitiveness by enhancement of science measurement, standards, and technology in ways that would enhance economic security and help to improve quality of life (Barrett, 2018). NIST released a version of the framework that is vital for improving critical infrastructure cybersecurity.
Qsn7.
Answer C- Data is always encrypted.
Data requires proper storage and a high level of security to protect it from being corrupted, regardless of how sensitive or confidential it is. After its use, it must be disposed of properly, ensuring any confidential information is protected from falling into the wrong hands, as this may lead to a data breach. Although it is important to prevent data from being accessed by unauthorized parties, it is not important to encrypt it (Gregory, 2018).
Qsn8.
Answer C-monitoring and maintenance
Information security systems are vital for any organization; therefore, it is crucial to ensure all stakeholders are fully involved when implementing equipment to make sure all security features, certifications, and configurations are in place (Stewart, Chapple, and Gibson, 2015).
Qsn9.
Answer B-feasibility and value proposition
Feasibility is vital in ensuring a project's financial success. It is important to have an understanding of the project to ensure the creation of a credible business plan (Stewart, Chapple, and Gibson, 2015). A value proposition is an important statement that helps explain how a certain product will solve customer problems.
Qsn10.
Answer A-the steering committee
The steering committee comprises senior members of an organization and is responsible for making key decisions affecting the operations of any organization. The steering committee is mandated to determine acceptable levels of risk (Stewart, Chapple, and Gibson, 2015). They also take part in determining whether an asset is worth protecting or not and making crucial recommendations of the security professional based on the risk analysis they have conducted.
Qsn11.
Answer B-prioritizing information security initiatives
The steering committee plays a critical role in making key decisions that affect the operations of an organization. The committee ensures security initiatives are given priority to offer high security to organizational data (Barrett, 2018). Increased cases of cyber-attacks across the globe call for stern measures to be employed to protect organizational data from any malicious actions.
Qsn12.
Answer C-stakeholders requirements
This is an important factor when designing information security architecture. Stakeholders play a critical role in ensuring project success. The architecture developed must ensure it meets the interests of the stakeholders (Stewart, Chapple, and Gibson, 2015).
References
Barrett, M. P. (2018). Framework for improving critical infrastructure cybersecurity. National Institute of Standards and Technology, Gaithersburg, MD, USA, Tech. Rep.
Ahrens, J. D., & Sankar, C. S. (1993). Tailoring database training for end-users. MIS Quarterly, 419-439.
Stewart, J., Chapple, M., & Gibson, D. (2015). CISSP: Certified information systems security professional study guide (7th ed.).
Gregory, P. H. (2018). CISM certified information security manager exam guide. McGraw-Hill Education.