Total tasks: 15
Subject: Operations Security
Number of references per task: 2 or 3
Q: What are security policies and why are they so important for organizations to implement?
· ISS management life cycle
· Information assurance (IA)
· Information security governance
· ISS policies
· ISS policy implementation or change
Q: Pick 2 of the business drivers that impact organizational security policies and explain why?
Q: Explain the importance of the 3 main drivers to government security regulations
1. Consumer Protection
2. Stable Economy
3. Tax Revenue
Q: The concept of risk mitigation is essential when implementing security policies. Explain what your understanding of this process involves.
Q: Explain the steps involved in implementing a security policy within an organization, where is the most obvious chance for error?
Q: When organizations are implementing security policies, what business considerations must they take into account and why is this important?
Q: When implementing policies and standards, building consensus amongst organizational stake holders is important. Why is intent vs. need an important consideration?
Q: Implementing security policies in an organization requires separation of duties when it comes to the IT staff. What does this concept mean and how do organizations ensure they are compliant?
Q: Pick two best practices for User Domain Policies and explain what they are and provide examples of what could go wrong in an organization if these best practices are not followed.
Q: Sometimes organizations require team members to access assets and data remotely, when not in the physical facility. It is necessary for organizations to establish Remote Access Domain policies, select one of the Baseline Standards and explain its importance.
Q: Conducting a Risk and Control Self-Assessment (RCSA) will identify 4 key challenges and risks that face an organization what are these and what are their importance?
Q: The organizational support services team serves a vital role, to address the needs of the employees and customers. What value do they add in terms of security policy implementations?
Q: Establishing security policies within an organization is a necessary endeavor. However, it is fruitless unless the information is effectively disseminate. How would an organization go about getting this information out to the masses?
Q: Policy monitoring procedures must be implemented for any policies that the organization configures. Internet usage policies is a great example, what are your thoughts on the validity of monitoring Internet usage on company assests?
Q: Pick one of the 3 automated monitoring systems and explain its use and capabilties.