chapter 4 info security


The ISSP is a plan which sets out the requirements that must be met by the information security blueprint or framework.

False

Good security programs begin and end with policy.

True

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ________.

blueprint

Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards.

de jure

The ________is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

enterprise information security policy (EISP)

A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.

strategic

________ often function as standards or procedures to be used when configuring or maintaining systems.

Systems-specific security policies (SysSPs)

The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.

True

To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and policy issuance and planned revision dates.

True

Each policy should contain procedures and a timetable for periodic review.

True

A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.

False. A managerial guidance SysSP is created by management to guide the implementation and configuration of technology; the technical specifications SysSP is where IT experts document how that guidance is carried out.

A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.

False. That describes a policy. A standard is a more detailed statement of what must be done to comply with a policy.

A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.

False. The policy should state the opposite: if employees violate a company policy or any law using company technologies, the company will not protect them, and the company is not liable for their actions.

ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly.

False. That describes configuration rules (rule-based policies), which are more specific to the operation of a system than ACLs are and may or may not deal with users directly. ACLs specify which users or groups may access a resource and what they may do with it.

Redundancy can be implemented at a number of points throughout the security architecture, such as in ________.

Firewalls, proxy servers, and access controls, so that if one control fails, others remain in place to protect the information (defense in depth).

An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.

Framework

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.

People

The goals of information security governance include all but which of the following?

Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care

When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems?

The global information security community had already defined a justification for a code of practice such as the one identified in ISO/IEC 17799. (The actual objection was the reverse: that no such justification had been defined.)

You can create a single, comprehensive ISSP document covering all information security issues.

True
