Need help? We are here


  1. Compare the ISO/IEC 27001 outline with the NIST documents discussed in this chapter. Which areas, if any, are missing from the NIST documents? Identify the strengths and weaknesses of the NIST programs compared to the ISO standard.
  2. Search the Internet for the term security best practices. Compare your findings to the recommended practices outlined in the NIST documents.
  3. Search the Internet for the term data classification model. Identify two such models and then compare and contrast the categories those models use for the various levels of classification.
  4. Search the Internet for the term Treadway Commission. What was the Treadway Commission, and what is its major legacy in the field of InfoSec?

 5. Download and review “NIST SP 800-55, Rev. 1: Performance Measurement Guide for Information Security.” Using this document, identify five measures you would be interested in finding the results from based on your home computing systems and/or network.

6. Using the template provided in Table 9-1, develop documentation for one of the performance measurements you selected in Exercise 4.