Part 1: Review Questions
- What is a security model?
- What are the essential processes of access control? Identify at least two different approaches used to categorize access control methodologies. List the types of controls found in each.
- What is COBIT? Who is its sponsor? What does it accomplish? What is the standard of due care? How does it relate to due diligence?
- What is baselining? How does it differ from benchmarking?
Part 2: Module Practice
Make a list of at least ten information security metrics that could be collected for a small internet commerce company with 10 employees.