The information security architect of a large service provider advocates an open design of the security architecture, as opposed to a secret design.
What is her main argument for this choice?
When is revision of an employee's access rights mandatory?
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?
In a company, a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person's picture on the smart card?
What is a key item that must be kept in mind when designing an enterprise-wide information security program?