CIS 462 Week 4 Discussion

"Principles for Policy and Standards Development" Please respond to the following:

· Select two principles for policy and standards development (accountability, awareness, ethics, multidisciplinary, proportionality, integration, defense-in-depth, timeliness, reassessment, democracy, internal control, adversary, least privilege, continuity, simplicity, and policy-centered security). Examine how these principles would be the same and different for a health care organization and a financial organization.

· Determine which type of organization would have the most difficulty implementing the principles you selected. Support your answer.

"OCTAVE" Please respond to the following:

· From the e-Activity, provide a brief explanation of the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) methods. Explain how they are beneficial for organizations developing their IT risk management approaches.

· From the e-Activity, explain how the size of the organization impacts the OCTAVE method utilized. Determine the factors that large organizations, as opposed to small organizations, are most concerned with.

e-Activity Link: http://www.cert.org/octave/