CIST 1601 Chapter 4


________ often function as standards or procedures to be used when configuring or maintaining systems. a. ESSPs b. ISSPs c. EISPs d. SysSPs

SysSPs

NIST 800-14's Principles for Securing Information Technology Systems can be used to make sure the needed key elements of a successful effort are factored into the design of an information security program and to produce a blueprint for an effective security architecture. True False

True

The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees. a. accidental b. external c. intentional d. physical

accidental

A(n) _________ is a document containing contact information for the people to be notified in the event of an incident. a. emergency notification system b. alert roster c. call register d. phone list

alert roster

The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________." a. management b. accreditation c. implementation d. certification

management

A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology. True False

False

The complete details of ISO/IEC 27002 are widely available to everyone. True False

False

The security framework is a more detailed version of the security blueprint. True False

False

__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information. a. Hosting b. Redundancy c. Firewalling d. Domaining

Redundancy

A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes __________. a. controls have been bypassed b. controls have failed c. controls have proven ineffective d. All of the above

All of the above

According to NIST SP 800-14's security principles, security should ________. a. support the mission of the organization b. require a comprehensive and integrated approach c. be cost-effective d. All of the above

All of the above

When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems? a. The standard lacked the measurement precision associated with a technical standard. b. It was not as complete as other frameworks. c. The standard was hurriedly prepared, given the tremendous impact its adoption could have on industry information security controls. d. The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.

The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.

You can create a single, comprehensive ISSP document covering all information security issues. True False

True

Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards. a. de jure b. de public c. de formale d. de facto

de jure

Security __________ are the areas of trust within which users can freely communicate. a. perimeters b. domains c. layers d. rectangles

domains
