18. What is the primary goal of the vulnerability assessment and remediation domain of the maintenance model? Is this important to an organization with an Internet presence? Why? {Ans: > Identify specific, documented vulns and remediate them in a timely fashion > Yes > Because part of the process includes internet VA, which finds vulns in an org's public network}

7. What ongoing responsibilities do security managers have in securing the SDLC? {Ans: "The ongoing responsibilities of security management involve maintenance of the contingency plan, which must always be in a ready state for use immediately upon notification. Periodic reviews of the plan must be conducted to ensure currency of key personnel and vendor information, system components and dependencies, the recovery strategy, vital records, and operating requirements" Not sure}

6. What changes need to be made to the model in SP 800-100 to adapt it for use in security management maintenance? {Ans: The 13 areas? 1. Information security governance 2. Systems development life cycle 3. Awareness and training 4. Capital planning and investment control 5. Interconnecting systems 6. Performance measures 7. Security planning 8. Information technology contingency planning 9. Risk management 10. Certification, accreditation, and security assessments 11. Security