SEC 360 Week 8 Final (TCO 1) Which of the following should not be the basis for security policy? Legislation Corporate directives Corporate needs Vendor documentation Situation awareness reporting Lecture, pages 60-70 in the text (TCO 2) The of the 17 NIST control can be placed into the 10 IISSCC comprising the common body of knowledge for information security. technologies, domains, families controls, families, domains domains, families, technologies principles, domains, families controls, domains, principles (Lecture, Chapter 3 in the text) There are many controls that are grouped into control families that fit into the 10 domains. (TCO 2) What are the effects of security controls? Confidentiality, integrity, and availability Administrative, physical, and operational Detection, prevention, and response