Security Assessment: Case Studies for Implementing NSA IAM

Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.

Q: Can I add or take away from NSA s 18 Baseline INFOSEC Classes and Categories and still be compliant with the IAM methodology?

A: The IAM is intended to be a flexible methodology that you can either adopt in full or integrate into your own assessment process. You can add to the 18 baseline categories without an issue. If you take away from the required set, just document the fact and you will still be in compliance with the IAM.

Q: What are the most common classes and categories beyond the basic 18 defined by the NSA IAM?

A: Additions to the baseline categories vary greatly by customer. Many customers have asked us to specifically address certain topics, even though they are embedded in the primary 18 baseline categories. We have seen specific topics of:

Encryption

Wireless networking

Intrusion detection systems

E-mail

Q: What are the greatest obstacles to a good interview?

A: The greatest obstacle is to get the interviewee to relax enough to speak openly about the security practices of the organization. When the interviewer is...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Ion Lasers
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.