Please use APA style referencing and in-text citations
1. What are the differences between a security policy, a security standard, and a security practice? What are three types of security policies, and where would each type be used? What type of security policy should be applied to guide usage of the e-mail system?
2. When is a Business Continuity Plan used? How do you decide when to use an Incident Response Plan, a Business Continuity Plan, or a Disaster Recovery Plan?
3. What is the purpose of Recovery time objective (RTO), Work recovery time (WRT), and Recovery point objective (RPO)?
1. How does a false positive alarm differ from a false negative? From the security perspective, which is least desirable?
2. What is the most widely accepted biometric authorization technology? Why do you believe this technology is so acceptable to users?
3. What is the OSI model? Why is the OSI model so important when it comes to network security?
4. What is the difference between a packet filtering firewall and a dynamic stateful inspection firewall?
1. In risk management strategies, why must periodic review be a part of the process?
2. How does an incident response plan differ from a disaster recovery plan?
3. How would you assign value to assets? How does this affect your risk management strategy?
1. Why is methodology important in the implementation of information security? How does a methodology improve the process?
2. What types of password attacks are you aware of? What can a systems administrator do to protect against them?
3. Briefly explain vulnerability, threat, risk, and exposure.
4. Give some examples of access controls and methodologies.
5. What are one-, two-, and three-factor authentication?