I don’t know how to handle this Management question and need guidance.

1-Who is responsible for the protection of information assets of an organization? What are the four essential practices recommended by the National Association of Corporate Directors (NACD) in the United States (US) for proper implementation of the policy?

2-What are the differences between the 5 A’s of information security? Please answer in detail.

3-What are the differences between an information owner and information custodians?

4-The objective of risk assessment is to evaluate what could go wrong, the likelihood of such an event occurring, and the harm if it did. List the components of a risk assessment methodology. Study and present a comparison of the following risk assessment models:

•NIST SP 800-30

•OCTAVE

•ISO/IEC 17799 and ISO 27001

•FRAAP

•COBIT

Important:

no copy

no plagiarism

correct answer