Information Security Management

Across
  3. A detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance.
  4. Instructions that dictate certain behavior within an organization.
  5. The high-level information security policy that sets the strategic direction, scope, and tone for all of an organization’s security efforts; also known as a security program policy, general security policy, IT security policy, high-level InfoSec policy, or simply an InfoSec policy.
  6. A term sometimes used synonymously with objectives; the desired end of a planning cycle.
  7. A managerial program designed to improve the security of information assets by providing targeted knowledge, skills, and guidance for an organization’s employees.
  9. The actions taken by management to specify the intermediate goals and objectives of the organization in order to obtain specified strategic goals, followed by estimates and schedules for the allocation of resources necessary to achieve those goals and objectives.
Down
  1. The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately, and verifying that the enterprise’s resources are used responsibly.
  2. Examples of actions that illustrate compliance with policies.
  3. Organizational policies that often function as standards or procedures to be used when configuring or maintaining systems.
  8. Specifications of authorization that govern the rights and privileges of users to a particular information asset; includes user access lists, matrices, and capabilities tables.