CIS5373: CHAPTER 6 Extended


standards

...involve the standardization of the hardware and software solutions used to address a security risk throughout the organization.

Principle of least privilege

...is the concept that users should be granted only the levels of permission they need in order to perform their duties.

Service-level agreement (SLA)

A(n)... is a formal contract between your organization and an outside firm that details the specific services the firm will provide.

false

An organization does not have to comply with both regulatory standards and organizational standards.

Basic configuration to ensure enforcement of the security minimums.

Baselines

streamlined method of meeting recurring needs for supplies or services, a BPA creates preapproved accounts with qualified suppliers to fulfill recurring orders for products or services.

Blanket purchase agreement (BPA)

Policies that are enforced. 3 ways to ensure compliance: Event logs (records), Compliance liaison (people aware) and Remediation (fixing).

Compliance

extension of MOU; it serves as an agreement that documents the technical requirements of interconnected assets. It is most often used to specify technical needs and security responsibilities of connected organizations.

Interconnection security agreement (ISA)

letter of intent; it is an agreement between two or more parties that expresses areas of common interest that result in shared actions.

Memorandum of Understanding (MOU)

They explain the company's security needs and their commitment to meeting those needs. A security policy should read like a short summary of key facts.

Policies

true

Security administration is the group of individuals responsible for the planning, design, implementation, and monitoring of an organization's security plan.

Formal contract between your organization and the outside firm that details the specific services the firm will provide.

Service-level agreement (SLA)

mandated requirements for hardware and software solutions used to address security risk throughout an organization

Standards

The security process; the policies, procedures, and guidelines adopted by the organization; the authority of the persons responsible for security.

The security program requires documents of...

true

configuration management is the management of modifications made to the hardware, software, firmware, documentation, test plans, and test documentation of an automated system throughout the system life cycle.

true

data classification is the responsibility of the person who owns the data.

They outline recommendations for the purchase and use of acceptable products and systems; Simply actions that the organization recommends.

guidelines

RFC 1087

in 1989, the IAB issued a statement of policy about Internet ethics. This document is known as....

system development life cycle (SDLC)

more and more organizations use the term...to describe the entire change and maintenance process for applications.

true

policy sets the tone and culture of the organization

Step-by-step systematic actions to accomplish a security requirement, process, or objective.

procedures

configuration, change

the change management process includes...control and...control.

to identify data value in accordance with organization policy; to identify information protection requirements; to standardize classification labeling throughout the organization; to comply with privacy law, regulations, and so on.

the objectives of classifying information include which of the following?

waterfall

there are several types of software development methods, but most traditional methods are based on the ... model

has edit checks, range check, validity checks, and other similar controls; checks user authorization; checks user authentication to the application; has procedures for recovering database integrity in the event of system failure.

when developing software, you should ensure the application does which of the following?

an emotional appeal for help, a phishing attack, intimidation, name-dropping

which of the following is an example of social engineering?

they provide for places within the process to conduct assurance checks.

which of the following is true of procedures?

fuzzing

which software testing method provides random input to see how software handles unexpected data?
