APPENDIX A

Suggestions for Critical Thinking Exercises

Throughout the book, you have been presented with opportunities to challenge yourself with Critical Thinking Exercises. The answers to these questions are not right or wrong; they are intended to stimulate your thinking about information assurance.

Chapter 1

        1. An organization is considering developing an encryption policy in its organization. The penetration tester from the team starts documenting specific products and configurations to put into the policy. Should the policy contain these details?

             a. Typically not. A policy is an overarching governance document developed to reflect senior management’s position on a topic. While an encryption standard may include specific ...

Get Information Assurance Handbook: Effective Computer Security and Risk Management Strategies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.