ICTN4040 chapter 4
A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.
False
A standard is a written-instruction provided by management that informs employees and others in the workplace about proper behavior.
False
Each policy should contain procedures and a timetable for periodic review.
True
Managerial control set the direction and scope of the security process and provide detailed instructions for its conduct
True
Technical controls are the tactical and technical implementations of security in the organization _____________________.
True
According to NIST SP 800-14's security principles, security should ________.
"support the mission of the organization, require a comprehensive and integrated approach, be cost effective" All of the above.
A cold site provides many of the same services and options of a hot site, but at a lower cost.
False
A managerial guidance SYSSP document is created by the IT experts in a company to God management in the implementation and configuration of technology.
False
Systems - specific security policies are organizational policies that provide detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies.
False
The I SSP is a plan which sets out the requirements that must be met by the information security blueprint or framework.
False
The global information security community has universally agreed with the justification for the code of or practices as identified in the iso/iec 17799
False
The operational plan documents the organizations intended long-term direction and efforts for the next several years.
False
In early 2014, in response to executive order 13636, and NIST published the cyber security framework, which intends to allow organizations to ______________.
Identify and Prioritize opportunities for improvement within the context of a continuous and reputable process
A service bureau is an agency that provides a service for a fee.
True
_____________ Controls address personnel security, physical security, and the protection of production inputs and outputs.
operational