Project 13.3: Assessing Risk Management According to the FFIEC Information Security InfoBase Handbook ( Appendix A ), the initial step in a regulatory Information Technology Examination is to interview management and review examination information to identify changes to the technology infrastructure, new products and services, or organizational structure.1. Explain how changes in network topology, system configuration, or business processes might increase the institution’s information security–related risk. Provide examples.2. Explain how new products or services delivered to either internal or external users might increase the institution’s might increase the institution’s information security–related risk. Provide examples.3. Explain how loss or addition of key personnel, key management changes, or internal reorganizations might increase the institution’s information security–related risk. Provide examples.

Question

11-03-2020
Engineering

contestada

Project 13.3: Assessing Risk Management According to the FFIEC Information Security InfoBase Handbook ( Appendix A ), the initial step in a regulatory Information Technology Examination is to interview management and review examination information to identify changes to the technology infrastructure, new products and services, or organizational structure.1. Explain how changes in network topology, system configuration, or business processes might increase the institution’s information security–related risk. Provide examples.2. Explain how new products or services delivered to either internal or external users might increase the institution’s might increase the institution’s information security–related risk. Provide examples.3. Explain how loss or addition of key personnel, key management changes, or internal reorganizations might increase the institution’s information security–related risk. Provide examples.

Respuesta :

Otras preguntas

The scientific method uses observation and which other process to answer questions

PLEASE HELP ME! POINT GIVEAWAY! Who established the role of the Supreme Court in judicial review? A. George Washington B. Alexander Hamilton C. John Adams

(9x+10) raised to the power of 3

During the mid- to late 19th century, American businesses were primarily interested in doing which of these? (3 points) fighting government efforts to regulate

What is a literary luminary

i need help 5 pt if help

Eight times a number equals 35 more than the number. Find the number

What is the arrangement of atoms within a molecule called?

A meteor is approaching Earth. Which statement about its motion is true?

Describe the formation of oil and natural gas

braza909 braza909 · Answer 1 · 2020-03-15T06:13:14+01:00

Answer:

1. Changes in network topology or system configuration might bring security-related challenges. For example, adopting a new system configuration which is low in cost but also very new in the Industry might be vulnerable to the existing security.

2. New products or Services which are delivered to either the Internal/External users might be prone to security issues.

Let say a product 'A' has been launched by a company 'X' and for testing purpose it has been given to the internal users. Now as this product 'A' is a product of 'X' itself it will be allowed to carry in the official premises and if some user tries to hack this product and can make the product potentially harmful w.r.t security.

3. Consider a scenario where there is a change in management & team, the team members which were thoroughly responsible for Security kinds of stuff are dissolved into different teams. Also new members are hired for the team. Now, since the new members will need some time to get adapted to the Business As Usual things there are high chances of a security level not maintained as it was earlier by the old guys. This could be due to undocumented things in the organization or due to lack of Knowledge Transfer to the new joinees.