CMIS 422 Exam 3 p2
Regardless of an organization's information security needs, the amount of effort that can be expended depends on the available funds; therefore, a _____ is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan.
CBA (cost benefit analysis)
Changes to system logs are a possible indicator of an actual incident.
False
Summarize the strategies that can be chosen by an organization when planning for business continuity.
The determining factor when selecting a strategy is usually cost. In general, organizations have three exclusive-use options: hot sites, warm sites, and cold sites. Three shared-use options are also available: time-shares, service bureaus, and mutual agreements.
Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.
True
A(n) _____ is a simple project management planning tool used to break the project plan into smaller and smaller steps.
WBS
A(n) _____ is a detailed examination of the events that occurred during an incident or disaster, from first detection to final recovery.
after-action review
Which of the following is NOT a technology commonly deployed in biometric locks?
breathalyzers
A cryptovariable is a value representing the application of a hash algorithm on a message.
false
A rapid-onset disaster is one that gradually degrades the capacity of an organization to withstand its effects.
false
A secure facility uses a different defense-in-depth strategy than logical network security.
false
A key is the set of steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message; it sometimes refers to the programs that enable the cryptographic processes. _____
false
Adopted by NIST in 1976 as a federal standard, DES uses a 64-bit block size and key.
false
An effective information security governance program requires constant change. _____
false
An incident is an adverse event that could result in a loss of information assets and threatens the viability of the entire organization.
false
Crisis response is an organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster.
false
Database shadowing duplicates data in real-time data storage, but does not back up the databases at the remote site.
false
Encryption methodologies that require the same secret key to encipher and decipher the message are using public-key encryption. _____
false
In 1953, Giovan Batista Bellaso introduced the idea of the passphrase (password) as a key for encryption.
false
In a book cipher, the key consists of a list of codes representing the page number, line number, and word number of the plaintext word. _____
false
In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.
false
In some organizations, status management is the identification, inventory, and documentation of the current information system's status—hardware, software, and networking configurations. _____
false
Performance management is the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward the goal. _____
false
Root cause analysis is the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting.
false
SSL builds on the encoding format of the digital encryption standard (DES) protocol and uses digital signatures based on public-key cryptosystems to secure e-mail.
false
Symmetric encryption uses two different but related keys, and either key can be used to encrypt or decrypt the message. _____
false
TechTarget is a set of moderated mailing lists full of detailed, full-disclosure discussions and announcements about computer security vulnerabilities and is sponsored in part by SecurityFocus. _____
false
The HTTPS security solution provides six services: authentication by digital signatures, message encryption, compression, e-mail compatibility, segmentation, and key management.
false
The disaster recovery preparation team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters. _____
false
The first step in the work breakdown structure (WBS) is to break down the project plan into its action steps.
false
The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
false
The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system dramatically interfering with the performance of the organization as a whole. _____
false
The primary goal of the external monitoring domain is to maintain an informed awareness of the state of all the organization's networks, information systems, and information security defenses. _____
false
The target selection step of Internet vulnerability assessment involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed.
false
The total time needed to place the business function back in service must be longer than the maximum tolerable downtime.
false
To justify the amount budgeted for a security project, it may be useful for the organization to adopt the budgets of larger, more successful organizations.
false
To perform the Caesar cipher encryption operation, the pad values are added to numeric values that represent the plaintext that needs to be encrypted.
false
Wireless vulnerability assessment begins with the planning, scheduling, and notification of all Internet connections, and is usually performed on the organization's networks using every possible approach to penetration testing.
false
Which of the following is NOT a role of a crisis management response team?
Informing local emergency services to respond to the crisis
One potential disadvantage of a time-share site resumption strategy is that
more than one organization might need the facility
Prior to the development of each of the types of contingency planning documents, the CP team should work to develop the corresponding ___ environment.
policy
A business process is a task performed by an organization or one of its units in support of the organization's overall mission and operations.
true
A task or subtask becomes a(n) action step when it can be completed by one individual or skill set and when it includes a single deliverable. _____
true
An alert message is a description of the incident or disaster that usually contains just enough information so that each person knows what portion of the IR or DR plan to implement without slowing down the notification process.
true
An example of the type of vulnerability exposed via traffic analysis occurs when an organization is trying to determine if all its device signatures have been adequately masked. _____
true
As dictated by the bull's-eye model, until sound and usable IT and information security policies are developed, communicated, and enforced, no additional resources should be spent on other controls.
true
Bluetooth is a de facto industry standard for short-range wireless communications between devices.
true
Corrective action decisions are usually expressed in terms of trade-offs. _____
true
External monitoring entails forming intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers within the organization.
true
For configuration management and control, it is important to document the proposed or actual changes in the system security plan. _____
true
Forensics can provide a determination of the source or origin of an event, problem, or issue like an incident.
true
If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.
true
In the physical design phase, specific technologies are selected.
true
Over time, external monitoring processes should capture information about the external environment in a format that can be referenced across the organization as threats emerge and for historical use.
true
PKI systems are based on public-key cryptosystems and include digital certificates and certificate authorities.
true
Remediation is the process of removing or repairing flaws in information assets that cause a vulnerability, or reducing or removing the risk associated with the vulnerability.
true
The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system. _____
true
The business impact analysis is a preparatory activity common to both CP and risk management.
true
The chain of evidence is the detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition.
true
The disaster recovery planning team (DRPT) is the team responsible for designing and managing the DR plan by specifying the organization's preparation, response, and recovery from disasters.
true
The most common hybrid system is based on the Diffie-Hellman key exchange, which is a method for exchanging private keys using public-key encryption.
true
The optimal time frame for training is usually one to three weeks before the new policies and technologies come online. _____
true
The organization must choose one of two philosophies that will affect its approach to IR and DR as well as subsequent involvement of digital forensics and law enforcement: the two approaches are protect and forget, and apprehend and prosecute.
true
The permutation cipher simply rearranges the values within a block to create the ciphertext.
true
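The Caesar, Vernam (pad) and permutation statements above are easy to confuse, so here is an added worked example that is not part of the study set: all three classical ciphers over the 26-letter alphabet, written so the difference is visible in the arithmetic. The Caesar cipher shifts every letter by a fixed amount and involves no pad; the Vernam cipher is the one that adds pad values to the numeric values of the plaintext; the permutation cipher only rearranges positions inside each block. Function names, the sample plaintexts and the pad string are constructed for this example.

```python
# Added example (not from the study set): three classical ciphers on A-Z.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def _val(c):
    """Letter -> 0..25."""
    return ALPHABET.index(c)


def _chr(v):
    """0..25 (any integer, reduced mod 26) -> letter."""
    return ALPHABET[v % 26]


def caesar_encrypt(plaintext, shift=3):
    """Caesar (shift) cipher: a fixed shift applied to every letter.
    No pad values are involved, only the single key `shift`."""
    return "".join(_chr(_val(c) + shift) for c in plaintext)


def caesar_decrypt(ciphertext, shift=3):
    return caesar_encrypt(ciphertext, -shift)


def vernam_encrypt(plaintext, pad):
    """Vernam cipher (one-time pad): the pad values are ADDED, mod 26, to the
    numeric values of the plaintext letters. The pad must be at least as long
    as the message, truly random, and never reused."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the plaintext")
    return "".join(_chr(_val(p) + _val(k)) for p, k in zip(plaintext, pad))


def vernam_decrypt(ciphertext, pad):
    """Subtract the same pad values to recover the plaintext."""
    return "".join(_chr(_val(c) - _val(k)) for c, k in zip(ciphertext, pad))


def permutation_encrypt(plaintext, key):
    """Permutation (transposition) cipher: letters inside each block are moved,
    never substituted. key[i] is the plaintext position (0-based, within the
    block) that lands at output position i. The last block is padded with X."""
    n = len(key)
    if sorted(key) != list(range(n)):
        raise ValueError("key must be a permutation of 0..n-1")
    padded = plaintext + "X" * (-len(plaintext) % n)
    out = []
    for i in range(0, len(padded), n):
        block = padded[i:i + n]
        out.append("".join(block[k] for k in key))
    return "".join(out)


def permutation_decrypt(ciphertext, key):
    """Apply the inverse permutation to each block."""
    n = len(key)
    inverse = [0] * n
    for i, k in enumerate(key):
        inverse[k] = i
    out = []
    for i in range(0, len(ciphertext), n):
        block = ciphertext[i:i + n]
        out.append("".join(block[k] for k in inverse))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(caesar_encrypt("ATTACKATDAWN"))            # DWWDFNDWGDZQ
    print(vernam_encrypt("HELLO", "XMCKL"))          # EQNVZ
    print(permutation_encrypt("ATTACKATDAWN", [2, 0, 3, 1]))  # TAATACTKWDNA
```

Note that the permutation cipher leaks letter frequencies unchanged (every plaintext letter is still present in the ciphertext), which is why it is only a building block inside modern block ciphers rather than a cipher on its own.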
The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.
true
The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies.
true
There are several key ongoing activities that can assist in monitoring and improving an organization's information governance activities, including plans of action and milestones, measurement and metrics, continuous assessment and configuration management.
true
Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure.
true
When an asymmetric cryptographic process uses the sender's private key to encrypt a message, the sender's public key must be used to decrypt the message.
true
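The Diffie-Hellman and asymmetric-key statements above describe two different mechanisms, and the following added example (not part of the study set) shows both with toy-sized numbers so the arithmetic can be followed by hand. Diffie-Hellman does not transport anyone's private key; each side keeps its private exponent and both arrive at the same shared secret, which a hybrid system then uses as a symmetric session key. The RSA part shows the direction rule from the last statement: a value transformed with the private key is recovered with the matching public key, and vice versa. The parameters (p = 23, g = 5 for DH; p = 61, q = 53, e = 17 for RSA) are textbook-sized constants chosen for this example and are far too small for real use; real deployments use 2048-bit or larger moduli or elliptic curves, through a vetted library.

```python
# Added example (not from the study set): toy Diffie-Hellman and toy RSA.
# All parameters are deliberately tiny and insecure; they exist only to make
# the arithmetic visible.


def dh_shared_secret(p, g, a_private, b_private):
    """Diffie-Hellman key agreement over the integers mod p.

    Alice publishes A = g^a mod p, Bob publishes B = g^b mod p.  Each side
    raises the OTHER party's public value to its own private exponent; both
    land on g^(ab) mod p.  Only A and B cross the wire; a and b never do.
    """
    A = pow(g, a_private, p)          # sent by Alice in the clear
    B = pow(g, b_private, p)          # sent by Bob in the clear
    secret_alice = pow(B, a_private, p)
    secret_bob = pow(A, b_private, p)
    if secret_alice != secret_bob:    # cannot happen mathematically; sanity check
        raise RuntimeError("DH agreement failed")
    return secret_alice


def rsa_toy_keypair(p=61, q=53, e=17):
    """Textbook RSA key generation with tiny primes (constructed for this
    example).  Returns ((e, n), (d, n)) = (public key, private key)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # modular inverse of e mod phi (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, value):
    """Raise `value` to the key's exponent mod n.  The same operation is
    'encrypt' with the public key and 'sign' with the private key."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in 0..n-1")
    return pow(value, exp, n)


def rsa_demo(message=65):
    """Show both directions of the asymmetric pairing for one message."""
    public, private = rsa_toy_keypair()
    ciphertext = rsa_apply(public, message)        # anyone can encrypt ...
    recovered = rsa_apply(private, ciphertext)     # ... only the holder of d can read
    signature = rsa_apply(private, message)        # sender's private key ...
    verified = rsa_apply(public, signature)        # ... checked with sender's public key
    return {
        "ciphertext": ciphertext,
        "recovered": recovered,
        "signature": signature,
        "verified": verified,
    }


if __name__ == "__main__":
    # Constructed sample values: the classic p=23, g=5 walkthrough.
    print(dh_shared_secret(23, 5, 6, 15))           # 2
    print(rsa_demo())                               # recovered and verified both 65
```

In practice the DH shared secret is never used directly as a key; it is fed through a key derivation function to produce the symmetric session key, and the DH public values are authenticated (for example by a certificate-backed signature) so an attacker cannot substitute its own values for Alice's or Bob's.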
What is a secure facility? Provide a description of a secure facility from the employee's perspective, from the parking lot to their office.
A secure facility is a physical location with access barriers and controls in place to minimize the risk of attacks from physical threats. A secure facility uses the same defense-in-depth strategy as logical network security. Any intrusion attempt, whether natural or human-made, should be confronted with multiple layers of defense, including those for the facility's location, the drive to and onto the facility grounds, and the multiple layers of physical access controls needed to gain access to information. This could start with a guard at the employee parking lot, continue through a keycard-controlled mantrap, and end with the lock-and-key process necessary to access employees' individual offices.