Security Review 3
A passive IDPS response is a definitive action automatically initiated when certain types of alerts are triggered.
False
Fire detection systems fall into two general categories: manual and electrical.
False
In some organizations, asset management is the identification, inventory, and documentation of the current information system's status—hardware, software, and networking configurations. __________
False
Residual risk is the risk that has not been removed, shifted, or planned for after vulnerabilities have been completely resolved.
False
The Gramm-Leach-Bliley Act is a critical piece of legislation that affects the executive management of publicly traded corporations and public accounting firms. _________________________
False
The general management community of interest must plan for the proper staffing of the information security function. _________________________
False
The primary advantages of a centralized IDPS control strategy are cost and ease of use. _________________________
False
The systems development life cycle (SDLC) is the overall process of developing, implementing, and retiring information systems through a multistep approach—from initiation to use. __________
False
Two watchdog organizations that investigate allegations of software abuse are the Software & Information Industry Association (SIIA) and the National Security Agency (NSA).
False
An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.
Framework
In many organizations, information security teams lack established roles and responsibilities.
True
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ________.
Blueprint
A primary mailing list for new vulnerabilities, called simply __________, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
Bugtraq
The date for sending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete.
Milestone
Acts of ____________________ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
Trespass
One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message.
True
Organizations can use dictionaries to regulate password selection during the reset process and thus guard against easy-to-guess passwords.
True
Security efforts that seek to provide a superior level of performance in the protection of information are referred to as best business practices. _________________________
True
The Computer Security Resource Center at NIST provides several useful documents free of charge in its special publications area. _________________________
True
The ISO/IEC 27000 series is derived from an earlier standard, BS7799.
True
The International Society of Forensic Computer Examiners (ISFCE) offers the Certified Computer Examiner (CCE) certification. _________________________
True
The basic function of the external monitoring process is to monitor activity, report results, and escalate warnings. __________
True
The online UPS can deliver a constant, smooth, conditioned power stream to computing systems.
True
The optimal time frame for training is usually one to three weeks before the new policies and technologies come online. _________________________
True
The process of integrating information security perspectives into the hiring process begins with reviewing and updating all job descriptions.
True