Question
The following questions relate to our discussion in seminar 4 of information security planning.

a) The ISO27001 is described as an information security management system and the ISO27002 is described as a code of practice for information security management. Explain each of these two descriptions. Explain how the two entities work in combination to achieve quality information security outcomes. (3%)

b) What is the first control listed in the ISO27002? A colleague asks you to describe the two most important characteristics of this first control. How would you answer this colleague? (4%)

c) Good information security within a corporate enterprise must be managed 'top-down'. Describe what this statement means and provide two fundamental reasons why this must be so. A professional colleague tells you that, within her corporate employer, the information security process is positioned totally within the IT department and managed totally by the IT manager. Do you agree with this process model? Explain why/why not. (3%)
Step by Step Solution
Step: 1
a) ISO27001 and ISO27002 descriptions

ISO27001: This standard is an Information Security Management System (ISMS). It provides a systematic approach to managing sensitive company information, ensuring it re...