(a) How many policy documents does the ISO 27000 standard provide? Briefly describe the content areas covered by each of them.
(b) Compare the ISO 27000 series of documents with the NIST documents discussed in Chapter 8. Which areas, if any, are missing from the NIST documents? Identify the strengths and weaknesses of the NIST program compared to the ISO standard.
What is SANS SCORE and why is it useful? Review the security policy documents provided by SANS SCORE and discuss contents of the relevant documents available under each of the following categories: (a) Server Security (b) Application Security (c) Network Security (d) Incident Handling.
What is the fundamental difference between a security management model and a security architecture model? Explain with an illustrative example.
(a) What are the key principles on which access control is founded?
(b) What two access control methods that use a state machine model to enforce security? Compare and contrast the two methods by explaining their similarities and differences.
What is separation of duties? Discuss the various ways through which this method can be used to improve an organization’s InfoSec practices.