Management of Information security

Information technology is the sole responsibility of a small, dedicated group of people in a company

The CIA triangle is an important element of the CNSS model of information security

The CNSS security model includes detailed guidelines and policies that direct the implementation of the controls

The confidentiality of the information is breached when unauthorized individuals or systems are able to access the information

Corruption of information can occur only while information is being stored

Only a deliberate attack, such as a virus, can result in the corruption of a file

The authorization process takes place before the authentication process

A manager has many roles to play including informational, interpersonal, and decisional

A manager is responsible for coordinating the completion of tasks

All manager are expected to play a leadership role

Both autocratic and democratic leaders tend to be action-oriented

Tactical planning focuses on the day-to-day operation of local resources.

Leadership includes supervising employee behavior, performance, attendance and attitude

The first step in solving problems is to gather facts and make assumptions

When you review technological feasibility, you address the organization's financial ability to purchase the technology needed to implement a candidate solution

The set of organizational guidelines that dictate certain behavior within the organization is called planning

Information security can be both a process and a project because it is in fact a continuous series of projects

Unlike ongoing operations, project management involves the short-term gathering of a group that completes the project, and whose members are then released, and perhaps assigned to other projects

Changing only one of the project plan elements does not usually affect the accuracy and reliability of the estimates of the other two

Project team members may require special training on newly introduced technologies, and this may increase the risk of human resource turnover because personnel trained in a new, high-demand skill are more likely to leave the organization in search of better opportunities elsewhere

In the WBS approach, a project plan is first broken down into a small tasks or specific action steps.

A project can have more than one critical path.

The two network scheduling techniques, the Critical Path Method and PERT, are similar in design.

An effective project management software application is capable of eliminating the need for a project manager.

Any project manager is better served using a tool they know, rather than an overly complex one that he or she cannot use suitably.

The protection of an organization’s information assets is the primary mission of the information technology community.

Network security encompasses strategies to protect people, tangible assets, and the workplace from various threats.

Operations security focuses on securing the organization’s ability to carry out its operational activities without interruption or compromise.

Communications security addresses the protection of an organization’s data networking devices, connections, and contents.

1) Policy, 2) awareness, training and education, and 3) technology are concepts vital for the protection of information.

The three desirable characteristics of information on which the C.I.A. Triangle is founded are confidentiality, integrity, and authorization.

The integrity of information is threatened when it is exposed to corruption, damage, or destruction.

The characteristic of information that enables a user to access it without interference or obstruction and in a useable format is confidentiality.

An information system that is able to recognize the identity of individual users is said to provide authentication.

During the identification process, a control provides proof that a user possesses the identity that he or she claims.

The process of achieving objectives using a given set of resources is called management.

Autocratic leaders typically seek input from all interested parties, and then formulate a position that can be supported by the majority.

Democratic leaders tend to make decisions only when they are needed to avoid bringing the process to a complete halt.

Leadership generally addresses the direction and motivation of the human resource.

Popular management theory categorizes the principles of management into planning, organizing, leading and controlling.

The first step in solving problems is to recognize and gather facts about the problem.

In reviewing behavior feasibility, you assess a candidate solution according to the likelihood that management will adopt and support a solution, rather than resisting it.

Policies are InfoSec operations that are specifically managed as separate entities.

Operations are discrete sequences of activities with starting points and defined completion points.

Activity definition is a process in the knowledge area of time, in project management methodology.

Administrative closure is a process in the knowledge area of communications, in project management methodology.

The project plan inputs include work time, resources and project activities.

During the project execution phase, the positive feedback loop or cybernetic loop ensures that progress is measured periodically.

Training project team members on how to use new technologies when they are introduced decreases the risk of human resource turnover.