Secure Final, Quiz 12 Information Security Fundamentals
Which of the following is the definition of continuing professional education (CPE)?
A standard unit of credit that equals 50 minutes of instruction. They are typically needed to maintain certification or licensing.
"________" refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
Accredited
What is meant by protected health information (PHI)?
Any individually identifiable information about the past, present, or future health of a person. It includes mental and physical health data.
The purpose of DoD Directive _____________ is to reduce the possibility that unqualified personnel can gain access to secure information.
8570.01
What is the National Institute of Standards and Technology (NIST)?
A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."
________ is information that is publicly available about all students at a school.
Directory information
Which regulating agency has oversight for the Children's Internet Protection Act?
FCC
The ________________, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the widespread adoption and standardization of health information technology.
HITECH Act
The four main credentials of the ________ are Systems Security Certified Practitioner (SSCP®), Certified Information Systems Security Professional (CISSP®), Certified Authorization Professional (CAP®), and Certified Secure Software Lifecycle Professional (CSSLP®).
International Information Systems Security Certification Consortium, Inc. (ISC)2
Which is the highest level of Check Point certification for network security?
CCMA
A graduate school wants to require a vendor-neutral security certification as one of the entrance requirements for its cybersecurity degree program. Which of the following would best meet that requirement?
CompTIA Security+
In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations.
Compliance
____________ creates standards that federal agencies use to classify their data and IT systems.
NIST
Information regulated under the Sarbanes-Oxley Act is ________.
Corporate Financial Information
CompTIA's Security+ certification provides ________.
Entry-level information security certification of choice for IT professionals
"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled ________.
procrastination
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________.
professional development
FISMA requires each federal agency to create an agency-wide information security program that includes a plan to fix weaknesses in the program. This is referred to as ________.
remedial action
A master's degree program goes beyond the level of a bachelor's degree program and generally consists of ___________ year(s) of study beyond a bachelor's degree.
two
One type of degree that many institutions offer is the associate's degree. This degree is the most accessible because it generally represents a _________ program.
two-year
A certification that focuses on a specific vendor's product or product line is known as _______________________. Examples include Cisco CCNA and Microsoft MCSE.
vendor-specific
Tier C violations under the HITECH Act are ________.
violations due to willful neglect that the organization ultimately corrected
Social Security numbers, financial account numbers, credit card numbers, and date of birth are examples of __________ as stipulated under GLBA.
NPI
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______.
NSA
What name is given to educational institutions that meet specific federal information assurance educational guidelines?
National Centers of Academic Excellence in Information Assurance Education (CAE/IAE)
The regulating agency for the Federal Information Systems Management Act is the ________.
Office of Management and Budget
____________ is a person's right to control the use and disclosure of his or her own personal information.
Privacy
(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best practices for information security.
Systems Security Certified Practitioner
The regulating agency for the Sarbanes-Oxley Act is the ________.
Securities Exchange Commission
FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ________.
Security Awareness Training
Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance.
True
The Infotec Security Certified Program (SCP) certification programs apply mainly to network security topics and are most appropriate for professionals involved in securing network components within the IT infrastructure.
True
The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information.
True
Today, one of the most common methods for identifying what skills a security professional possesses is his or her level of certification.
True
The regulating agency for the Family Educational Rights and Privacy Act is the ________.
U.S. Department of Education
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________.
continuing education
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree.
continuing education
Health plans, health care clearinghouses, and any health care provider that transmit PHI in an electronic form are known as ________ under HIPAA.
covered entities
FERPA allows a special category of personally identifiable information to be disclosed without student consent. A school can do this so long as it has given notice to the student that it will disclose this information. This category of information is called _____________.
directory information
What name is given to patient health information that is computer based?
electronic protected health information (EPHI)
The standard bachelor's degree is a __________ program.
four-year
The ________ is a regulation stating that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function.
minimum necessary rule
With university doctoral programs, completing the degree requirements takes ________.
no standard time frame
What term is used to describe any personally identifiable financial information that a consumer provides to a financial institution?
nonpublic personal information (NPI)
The CompTIA Security+ certification requires how many years of professional experience?
..
The International Information Systems Security Certification Consortium [usually abbreviated '(ISC)2'] considers the ____________ to be its flagship credential. It demonstrates competency in the eight domains of the (ISC)2 body of knowledge, such as Asset Security and Security/Risk Management. It is targeted at middle- and senior-level security managers. It also costs $599 just to take the exam.
CISSP
The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems.
CISSP-ISSEP
The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program.
CISSP-ISSMP®
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment?
Certificate of completion
The best fits for (ISC)2's _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements.
Certified Authorization Professional
(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications.
Certified Secure Software Lifecycle Professional
The regulating agency for the Gramm-Leach-Bliley Act is the ________.
FTC
DoD Directive 8570.01 is a voluntary certification requirement and has increased the number of personnel who pursue certifications.
False
_________ standards address a wide variety of topics, including power generation, power transmission and distribution, commercial and consumer electrical appliances, semiconductors, electromagnetics, batteries, solar energy, and telecommunications.
IEC
________ is an international security standard that documents a comprehensive set of controls that represent information systems best practices.
ISO/IEC 27000 series
During a meeting, somebody brings up a wireless LAN standard called 802.11ad. You could search Google, but instead you would rather go directly to the source. What organization is responsible for creating and managing the 802-series of standards?
Institute of Electrical and Electronic Engineers (IEEE)
While there is not yet a recognized program accreditation for cybersecurity, the NSA and Dept. of Homeland Security jointly sponsor programs that recognize quality security education. The programs recognize research, information assurance education, and two-year programs. The overarching program is called:
The National Centers of Academic Excellence??
Cascading Style Sheets (CSS), Common Gateway Interface (CGI), and Hypertext Markup Language (HTML) are standards developed or endorsed by the ____________.
W3C