Please use attach book to answer the questions no other material Referent chapter: G Appendix A (5 points) 1. Please elaborate how information security managers could use the ten domains in the CIS

Please use attach book to answer the questions no other material

Referent chapter: G Appendix A (5 points)

1. Please elaborate how information security managers could use the ten domains in the CISSP CBK to better manage information systems’ security in an organization.

2. Referent chapters: G1, G7 (optional W9) (10 points)

Information system (IS) security management is primarily concerned with an organization’s strategic-level activities that influence the operation of an information system and the behaviors of the system’s users within the organization.

Please elaborate how the effective hiring and personnel management practices addressed in the chapter 1 of Gregory’s textbook contribute to the secure operations of an organization’s information systems and to the secure behaviors of the organization’s employees when they interact with information systems.

3. Referent chapters: W10, G6, G4 (10 points)

An information security incident is an adverse event that could result in a loss of information assets, but does not threaten the viability of the entire organization.

Please elaborate how to better respond to an organization’s security incidents.

4. Referent chapters: W2, W4, G6 (10 points)

The legal, regulations, compliance, and investigations domain addresses ethical behavior and compliance with regulatory frameworks.

Please describe the similarities and differences between law and ethics, standards, and policy and, then, elaborate the importance of these concepts to the information systems’ security management.

5. Referent chapter: G7 (10 points)

Security operations domain is used to identify critical information and the execution of selected measures that eliminate or reduce adversary exploitation of critical information.

Business resources that are used to support daily business operations include facilities, hardware, software, documentation, and records. The major operations attacks include social engineering, sabotage, theft and disappearance, extortion, bypass, and denial of service.

Please elaborate how these operations attacks may impact the business resources and how to guard these business resources against the operations attacks.