Management and Information Security Exam 3 ch.5-6
Which of the following is an advantage of the one-on-one method of training?
Trainees can learn from each other
The recognition, enumeration, and documentation of risks to an organization's information assets is known as risk control. True or false?
True
An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?
Uncertainty
Which of the following is an advantage of the user support group form of training?
Usually conducted in an informal social setting
The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.
Vulnerability mitigation controls
The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables. True or false?
False
Which of the following is NOT a step in the process of implementing training?
Identify target audiences
Which function needed to implement the information security program includes researching, creating, maintaining, and promoting information security plans?
Planning
A SETA program consists of three elements: security education, security training, and which of the following?
Security awareness
Which of the following is the most cost-effective method for disseminating security information and news to employees?
Security newsletter
Which of the following is true about the security staffing, budget, and needs of a medium-sized organization?
They have a larger security budget (as a percentage of the IT budget) than a small organization
The work breakdown structure (WBS) can only be prepared with a complex specialized desktop PC application. True or false?
True
Determining the cost of recovery from an attack is one calculation that must be made to identify risk. What is another?
Cost of prevention
Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset-identification using this attribute difficult?
IP address
Which of the following is the first step in the process of implementing training?
Identify program scope, goals, and objectives
What is the final step in the risk identification process?
Listing assets in order of importance
Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?
Manufacturer's model or part number
Once an information asset is identified, categorized, and classified, what must also be assigned to it?
Relative value
Data classification schemes should categorize information assets based on which of the following?
Sensitivity and security needs