Management of Information Security Chapter 1
True
1) Policy, 2) awareness, training and education, and 3) technology are concepts vital for the protection of information.
decisional
A manager has informational, interpersonal, and ____ roles within the organization.
True
A project can have more than one critical path.
availability
According to the C.I.A. triangle, the three desirable characteristics of information are confidentiality, integrity, and ____.
authentication
An information system possesses the characteristic of ____ when it is able to recognize individual users.
False
An information system that is able to recognize the identity of individual users is said to provide authentication.
False
Another popular project management tool is the bar or McCumber chart, named for its developer, who created this method in the early 1900s.
accountability
Audit logs that track user activity on an information system provide ____
data network devices
Communications security involves the protection of an organization's ____.
Quality
If the project deliverables meet the requirements specified in the project plan, the project has met its ____________________ objective.
False
Information security can be both a process and a project because it is in fact a continuous series of projects.
True
Leadership generally addresses the direction and motivation of the human resource.
False
Only a deliberate attack, such as a virus, can result in the corruption of a file.
False
Operations are discrete sequences of activities with starting points and defined completion points.
False
Policies are InfoSec operations that are specifically managed as separate entities.
True
Popular management theory categorizes the principles of management into planning, organizing, leading and controlling.
True
The C.I.A. triangle is an important element of the CNSS model of information security.
Availability
The CNSS Security model known as the McCumber cube examines the confidentiality, integrity and ____________________ of information whether in storage, processing or transmission.
False
The CNSS security model includes detailed guidelines and policies that direct the implementation of controls.
activities
The Gantt chart lists ____ on its vertical axis and provides a simple time line on the horizontal axis.
availability
The ____ of information refers to the ability to access information without interference or obstruction and in a useable format.
Information Technology
The ____________________ community supports the business objectives of an organization by supplying and supporting information technology appropriate to the business's needs.
authorization
The activation and use of access control lists is an example of the ____ process.
False
The authorization process takes place before the authentication process.
accountability
The characteristic of ____ exists when a control provides assurance that every activity undertaken can be attributed to a named person or automated process.
False
The characteristic of information that enables a user to access it without interference or obstruction and in a useable format is confidentiality.
True
The integrity of information is threatened when it is exposed to corruption, damage, or destruction.
All workers operate at approximately the same level of efficiency
The management of human resources must address many complicating factors; which of the following is NOT among them?
information security
The protection of information and the systems and hardware that use, store, and transmit that information is known as ____.
goal
The term ____________________ refers to the end result of a planning process.
democratic
The three behavioral types of leaders are autocratic, laissez-faire, and ____________________.
False
The three desirable characteristics of information on which the C.I.A. triangle is founded are confidentiality, integrity, and authorization.
Operational
The three levels of planning are strategic planning, tactical planning, and ____________________ planning.
True
The two network scheduling techniques, the Critical Path Method and PERT, are similar in design.
False
When you review technological feasibility, you address the organization's financial ability to purchase the technology needed to implement a candidate solution.
policy
Which of the following Principles of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidance?
principles
Which of the following is NOT a Principle of Information Security Management?
Build support among management for the candidate solution
Which of the following is NOT a step in the problem-solving process?
Employees benefit from the formal training required for the method
Which of the following is NOT an advantage of the PERT method?
installation of a new firewall system
Which of the following is a project, not a managed process?
Recognize and define the problem
Which of the following is the first step in the problem-solving process?
Failure to meet project deadlines
____ is one of the most frequently cited failures in project management.
Integrity
____ is the quality or state of being whole, complete, and uncorrupted.
Scope creep
____ occurs when the quantity or quality of project deliverables is expanded from the original project plan.
Confidentiality
____ of information ensures that only those with sufficient privileges and a demonstrated need may access certain information.
Network
____ security addresses the ability to use the network to accomplish the organization's data communication functions.
Communications
___________________ security encompasses the protection of an organization's communications media, technology, and content.
Programs
____________________ are the operations conducted within InfoSec, which are specifically managed as separate entities.
Management
____________________ is the process of achieving objectives using a given set of resources.
Information Security
____________________ is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.