Fundamental Information Security Chapter 13: Information Systems Security Education and Training
Which of the following circumstances would NOT trigger mandatory security training for a federal agency under Office of Personnel Management (OPM) guidelines? Change of senior leadership Change in security environment Change in security procedures Change in employee responsibilities
Change of senior leadership
Which of the following is NOT an advantage to undertaking self-study of information security topics? Self-motivation Flexible materials Fixed pace Low cost
Fixed pace
A professional certification is typically offered as part of an evening curriculum that leads to a certificate of completion. True False
False
Which of the following graduate degree programs focuses on managing the process of securing information systems, rather than the technical aspects of information security? MBA MS MSc MScIT
MBA
Many security training courses specifically prepare students for certification exams. True False
True
Master of science (MS) degree programs prepare a student to enter the field of information security and perform the work of securing systems. True False
True
Master's programs are generally broad and don't focus on a particular field of study. True False
True
Most professional certifications require certification holders to pursue additional education each year to keep their certifications current. True False
True
Nearly any college or university can offer an information systems security or cybersecurity-related degree program once it obtains accreditation for the curriculum from that state's board of education. True False
True
What is the highest level of academic degree that may be earned in the field of information security? Bachelor of science (BS) Master of business administration (MBA) Doctor of philosophy (PhD) Master of science (MS)
Doctor of philosophy (PhD)
The Office of Personnel Management (OPM) requires that federal agencies provide the training suggested by the National Institute of Standards and Technology (NIST) guidelines. True False
True
________ refers to a program of study approved by the State Department of Education in the state that a school operates. Continuing education Accredited Continuing professional education (CPE) Certificate of completion
Accredited
Donna is building a security awareness program designed to meet the requirements of the Payment Card Industry Data Security Standard (PCI DSS) 3.2. How often must she conduct training for all current employees? Monthly Semi-annually Annually Biannually
Annually
What level of academic degree requires the shortest period of time to earn and does NOT require any other postsecondary degree as a prerequisite? Bachelor's degree Master's degree Doctoral degree Associate's degree
Associate's degree
Continuing professional education (CPE) credits typically represent ________ minutes of classroom time per CPE unit. 30 50 60 120
50
What type of security communication effort focuses on a common body of knowledge? Emails Acceptable use policy (AUP) Education Professional development
Education
Most prospective employers value unaccredited programs as much as accredited programs. True False
False
The four main areas in NIST SP 800-50 are awareness, training, certification, and professional development. True False
False
The skills necessary to manage a technical environment are the same as the skills necessary to perform technical work. True False
False
The standard bachelor's designation is a two-year degree program. True False
False
Helen is an experienced information security professional who earned a four-year degree while a full-time student. She would like to continue her studies on a part-time basis. What is the next logical degree for Helen to earn? Bachelor's degree Master's degree Doctoral degree Associate's degree
Master's degree
What government agency sponsors the National Centers of Academic Excellence (CAE) for the Cyber Operations Program? National Security Agency (NSA) Central Intelligence Agency (CIA) Federal Bureau of Investigation (FBI) National Institute of Standards and Technology (NIST)
National Security Agency (NSA)
Brian is the information security training officer for a health care provider. He wants to develop a training program that complies with the provisions of Health Insurance Portability and Accountability Act (HIPAA). Which of the following topics must be included? Password management Medical records formats Prescribing procedures Patient safety
Password management
Which of the following programs requires passing a standardized examination that is based upon a job-task analysis? Certificate of completion Professional certification Bachelor's degree Doctoral degree
Professional certification
A certificate of completion is a document that is given to a student upon completion of a continuing education program and is signed by the instructor. True False
True
Distance learning is another term for online study. True False
True
Security awareness training should remind employees to ensure confidentiality by not leaving any sensitive information or documents on their desks. True False
True
The National Institute of Standards and Technology (NIST) 800 Series publications cover all NIST-recommended procedures for managing information security. True False
True
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas. True False
True
The purpose of continuing education is to provide formal training courses that lead to a certificate or professional certification and NOT a degree. True False
True
Advantages of self-study programs include self-motivation, low cost, and interaction with other students or an instructor. True False
False
In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration. True False
False
A security awareness program that focuses on an organization's Bring Your Own Device (BYOD) policy is designed to cover the use of what type of equipment? Servers Workstations Printers Personally owned devices
Personally owned devices