Chapter 7


The section of the security newsletter that informs or educates staff and serves as an information security glossary is called __________________________.

"What Is . . . ?"

The shared belief system of employees in a business or company is known as the _____________________.

organizational culture

A good example of ___________________ is a real estate business that shares data on new home purchases between the unit that sells insurance for the home and the business unit that sold the home.

Service integration

Which of the following scenarios demonstrates consideration of building consensus on intent?

A manager calls a meeting with employees to discuss the drivers for the change in terms of the architecture operating model and principles.

There are no universal prescriptions for building an IT security program. Instead, principles can be used to help make decisions in new situations using industry best practices and proven experience. Which of the following is not created with the use of principles?

Business plan

Policy and standards often change as a result of business drivers. One such driver, known as ___________________, occurs when business shifts and new systems or processes are incorporated; these business shifts and new systems and processes may differ from what a standard or policy requires.

business exceptions

In any event in which customer data is involved, it is necessary to check with the ___________________ on the legal requirements related to managing and use of that data.

compliance team

The different concepts in the architecture operating model are aligned with how the business chooses to integrate and standardize with an enterprise solution. In the ___________________, the technology solution shares data across the enterprise.

coordinated operating model

The _____________________ principle states that it is important to consider your users or partners when requiring information that could place their privacy rights at risk. Thus, the security of an information system should be balanced against the rights of customers, users, and other people affected by the system versus your rights as the owners and operators of these systems.

democracy

When publishing your policy and standards library, it is necessary to evaluate the communications tools that are available in your organization. Which of the following statements best captures one of the best practices for publishing your documents?

It is a good idea to create separate Web pages for each document and provide a link to the document itself on that Web page.

A manager creates a policy document that lists the policy name, identifying information, and the operational policy. When she gets to the section marked "roles and responsibilities," she is uncertain if she should include the names of the individuals assigned to the roles and responsibilities, but decides ultimately that she will because these individuals were newly appointed and have played an active role in reviewing and providing feedback on the policy. Which of the following statements is an accurate assessment of this manager's choice to include the names of the individuals?

The manager should not have included the names because even though they were newly appointed, individuals join and leave the company.

Of the principles that can be used to derive control requirements and help make implementation decisions, which principle functions as a deterrent control and helps to ensure that people understand they are solely responsible for actions they take while using organization resources?

accountability principle

Security controls are measures taken to protect systems from attacks on the integrity, confidentiality, and availability of the system. If a potential employee is required to undergo a drug screening, which of the following controls is being conducted?

administrative controls

The new class of software available to support policy management and publication is called Governance, Risk, and Compliance (GRC). Which of the following explanations fits the "governance" category of the software?

assessing the proper technical and non-technical operation of controls and remediating areas where controls are lacking or not operating properly

The ultimate goal of the review and approval processes is to gain senior executive approval of the policy or standard by the chief information security officer (CISO). In order to gain this approval, the CISO requires all parties to sign off on the document. Which of the following is not among the suggested list of people who should be given the chance to become a second or third layer of review?

finance

In order to promote continued learning and development among staff, a security newsletter can be created to offer interesting and captivating ways of comprehending the points outlined in the policy and standards library. Which of the following is not one of the possible article topics to be covered?

profiles identifying the evangelists in the organization

Transparency is an important concept in policies related to the handling and use of customer data. Organizations should be transparent and should notify individuals of the distribution, use, collection, and maintenance of personally identifiable information (PII). Which of the following elements does not need to be included with regard to handling of customer data?

response controls

Before publishing major policy changes, it can be beneficial to conduct a _______________ in order to offer employees an explanation of the upcoming changes and create a space for dialogue.

roadshow

A ____________________ can be used to hierarchically represent a classification for a given set of objects or documents.

taxonomy

Policies and standards are a collection of concrete definitions that describe acceptable and unacceptable human behavior. The questions related to _______________ are more appropriate for procedures or guidelines than policies or standards, which require detail that is more at the level of ________________.

where, when, and how; what, who, and why
