Management of Information Security 5th Edition Whitman Solutions Manual
Chapter 6-1
Management of Information Security, 5th Ed Whitman & Mattord
Answer: Several information attributes are not often tracked for software, including:
• IP address
• MAC address
• Manufacturer’s model or part number
12. Which information attribute is often of great value for networking equipment when the Dynamic
Host Configuration Protocol (DHCP) is not used?
Answer: If the IP address can be tied to specific assets, it can be very useful for asset tracking.
13. When you document procedures, why is it useful to know where the electronic versions are stored?
Answer: It is useful because the documents can be updated when required and can be retrieved
quickly if systems are unavailable.
14. Which is more important to the information asset classification scheme: that it be comprehensive or
that it be mutually exclusive?
Answer: A comprehensive information asset classification scheme is more desirable because it
implies that all assets will be included, even if they appear in more than one location.
15. What is the difference between an asset’s ability to generate revenue and its ability to generate profit?
Answer: Some assets may be able to operate and create revenue, but unable to earn a profit after
expenses are paid.
16. How many categories should a data classification scheme include? Why?
Answer: An organization would need as many categories as necessary to include all of the different
groupings with the appropriate levels of care. This chapter describes an approach that uses Public,
Internal, and Confidential categories.
17. How many threat categories are listed in this chapter? Which is noted as being the most frequently
encountered, and why?
Answer: Twelve threat categories are discussed in the chapter. The most frequently encountered
category is often “human error or failure” because it is often the hardest to control, as access must
be given to trusted insiders as a requirement for them to perform their assigned duties.
18. What are vulnerabilities?
Answer: Vulnerabilities are opportunities for a threat to become a loss.
19. Describe the TVA worksheet. What is it used for?
Answer: The TVA worksheet combines a prioritized list of assets and their vulnerabilities and a list
that prioritizes threats facing the organization. The resulting grid provides a convenient method of
examining the “exposure” of assets, allowing a simple vulnerability assessment.
20. Examine the simplest risk formula presented in this chapter. What are its primary elements?
Answer: The primary elements in risk estimation are likelihood of loss, value exposed to loss, percent
of potential loss already controlled, and an allowance for uncertainty.
Exercises
Answers will vary.