Describe management controls used to secure information, operations, and to prevent breaches of security.

Description should include setting a security policy to

• ensure individual accountability
  • user authentication
  • auditing account services
    • internal
    • external
• ensure separation of duty
  • user authorization
  • access control mechanisms.

Process/Skill Questions:

• What are the assets that could be affected by a security breach?
• Why are password protocols critical in preventing security breaches?
• Why is it important to secure information?
• What are some consequences of failure to develop policies and appropriate controls to ensure the availability of computer-based systems?