I’m working on a cyber security multi-part question and need an explanation and answer to help me learn.
What is the justification and basis for defining security domains? Why are security domains a particularly useful way to structure a cybersecurity system? What is the role of policy in implementing these?
Discuss ways that risk analysis can feed into the decisions about the control baseline. What is the point of the impact analysis? How does probability enforce risk management decisions?
Why is it necessary to follow a hierarchical process to implement procedures? What is the role of the control baseline in this process of implementation and why is it important?
What are the four components of access control management? How do these differ? What does each focus on? What is the purpose of identity management in this process? Is it only necessary for security purposes? If not where else does it apply?
What differentiates discretionary access control from role-based access control? What are the advantages of RBAC in a business setting What types of IDS enable intrusion monitoring in any access control system? What specifically differentiates these IDS approaches?
