What does a formal evaluation attempt to describe?
What will be an ideal response?
That need for assurance requires a formal evaluation, which attempts to describe two things. First, it seeks to confirm that the required practice is being carried out. Then it seeks to describe the level of performance of each practice. It is possible to characterize a given level of performance based on the level of management or organization of the practice. The performance of a given practice can be rated based on the extent to which it satisfies the security requirement of the business process it is tied to. The tie to the business aspect helps strategic planners determine whether the current set of practices adequately satisfies security goals.
You might also like to view...
When connecting to the Internet, most Internet users connect to a Tier 1 network.
Answer the following statement true (T) or false (F)
Many block ciphers have a __________ structure which consists of a number of identical rounds of processing and in each round a substitution is performed on one half of the data being processed, followed by a permutation that interchanges the two halves. ? ?
Fill in the blank(s) with the appropriate word(s).