Blog

In an essay of no less than 250 words, answer the following:   In Week 5, we learned that security is a design problem. If security is a design problem, this must explicitly mean that the system must undergo a redesign to apply new security to an operational system. Identify the phases of the system development life cycle (SDLC), including the security activities during each phase. There is no need to detail the security activities and definitions. Focus on the SDLC activities in each phase; summarization is acceptable.  

Which of the following is not a valid authorizing official’s (AO) expressed authorization decision?

Decisions about managing security and privacy risks at the system level are closely linked to which of the following?

In an essay of no less than 250 words, answer the following:   According to the National Institute of Standards and Technology Special Publication (NIST SP) 800-100, “risk is a function of the likelihood of a given threat source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.” Therefore, risk is an equation that includes likelihood, threats, vulnerabilities, and impacts. Define an example information system and describe the risk assessment process and the resulting risk calculation applied to that hypothetical information system. Be sure to include the categorization/characterization of your theoretical information system as part of your calculation.

While the Risk Management Framework (RMF) steps are listed sequentially, they can be carried out in non-sequential order.

Which systems can receive an Authorization To Operate with a “Very High” not compliant (NC) control?

Which of the following is an input to the organization-level risk management plan?

The punctuated equilibrium model of evolution suggests that new species appear

Which of the following has reduced fishing pressures on wild populations?

Conservation biology supports all of the following ethical principles except