1- In your own words, discuss why information security is a management issue. What is management able to do that technology can not?
2- Why do employees constitute one of the greatest threats to information security?
3-What is the difference between a threat and an attack?
1) implementing information security has more to do with management than with technology managing information security has more to do with policy and its enforcement than with technology of its implementation . organization communities of interest must address information security in terms of business impact and the cost of business interruption , rather than focusing on security as technical problem .
2) Employees constitute one of the greatest threats to information security , as the individual closest to the organizational data .Employees mistakes can easily lead to the following : revelation of a classified data , entry to erroneous data ,accidental deletion or modification of data , storage of data in unprotected areas and failure to protect information .
3) a threat is category of objects , persons , or other entities that represents a constsnt danger to an asset
an attack is an act or event that exploits vulnerability and main difference between threat and attack is a threat can be either intentional or unintentional where as an attack is intentional . threat is a circumstance that has potential to cause loss or damage whereas attack is attempted to cause damage . threat to the information system doesnt mean information was altered or damaged but attack on the information system means there might be a chance to alter , damage , or obtain information when attack was successful.
Get Answers For Free
Most questions answered within 1 hours.