CTS chapter 11

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

The ISSEP allows CISSP certificate holders to demonstrate expert knowledge of all of the following except __________.

international laws

Like the CISSP, the SSCP certification is more applicable to the security__________ than to the security __________.

manager, technician

Security ____________________ are accountable for the day-to-day

managers

When new employees are introduced into the organization's culture and workflow, they should receive an extensive information security briefing as part of their employee ____________________.

orientation

Separation of ____________________ is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity, or availability of information.

duties

The CISSP certification requires both the successful completion of the examination and an ____________________

endorsement

Certifications are designed to recognize ____________________ in their respective fields.

experts

"Builders" in the field of information security provide day-to-day systems monitoring and use to support an organization's goals and objectives.

false

CompTIA offers a vendor-specific certification program called the Security+ certification

false

Many hiring managers in information security prefer to recruit a security professional who already has proven HR skills and professional experience, since qualified candidates with information security experience are scarce. _________________________

false

The CISA credential is geared toward experienced information security managers and others who may have similar management responsibilities.

false

The CISSP concentrations are available for CISSPs to demonstrate knowledge that is already a part of the CISSP CBK.

false

The general management community of interest must plan for the proper staffing of the information security function. _________________________

false

The most common credential for a CISO-level position is the Security+ certification. _________________________

false

The security manager position is much more general than that of the CISO.

false

ISSEP stands for Information Systems Security Experienced Professional. _________________________

false, engineering

ISSMP stands for Information Systems Security Monitoring Professional.

false. Management

ISACA offers the CGEIT as well as the CISA and ____________________ certifications.

CISM

The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain

CISSSP

The model commonly used by large organizations places the information security department within the __________ department.

Information Technology

What functions does the CISO perform?

Manages the overall information security program for the organization Drafts or approves information security policies Works on strategic plans, tactical plans, and operational plans Develops information security budgets Sets priorities for the purchase and implementation of information security projects and technology Makes decisions or recommendations for the recruiting, hiring, and firing of security staff Acts as the spokesperson for the information security team

Once a candidate has accepted a job offer, the employment ____________________ becomes an important security instrument.

contract

what tasks must be performed when an employee prepares to leave an organization?

access to organizations systems must be disables removable media must be returned hard drives must be secured file cabinet locks must be changed office door locks must be changed keycard access must be revoked personal effects must be removed from premise An exit interview should be conducted to remind employee of contractual obligations and to obtain feedback on their tenure at the organization.

The information security function can be placed within the __________.

all of the above

SANS developed a series of technical security certifications in 1999 that are known as the Global Information ____________________ Certification or GIAC family of certifications

assurance

Sometimes, contracted employees are self-employed or are employees of an organization hired for a specific, one-time purpose. These people are typically referred to as ____________________.

consultants

The International Society of Forensic Computer Examiners (ISFCE) offers which certifications?

both

According to Schwartz, Erwin, Weafer, and Briney, "__________" are the real techies who create and install security solutions.

builders

Because the goals and objectives of CIOs and CISOs tend to contradict each other, InformationWeek recommends: "The people who do and the people who watch shouldn't report to a ____________________ manager."

common

_________ is a cornerstone in the protection of information assets and in the prevention of financial loss.

separation of duties

__________ is the requirement that every employee be able to perform the work of another employee.

task rotation

ISSAP stands for Information Systems Security Architecture Professional. _________________________

true

The general management community of interest must work with information security professionals to integrate solid information security concepts into the personnel management practices of the organization.

true

Related to the concept of separation of duties is that of ____________________, the requirement that two individuals review and approve each other's work before the task is categorized as finished.

two-person/dual control

Which of the following is not one of the categories of positions defined by Schwartz, Erwin, Weafer, and Briney?

user


Ensembles d'études connexes

Health Assessment Prep U: Chapter 16- Assessing the Eyes

View Set

Anatomy and Physiology Exam 1 (SuperExam)

View Set

Chapter 18 (Part 3)- Eating Disorders

View Set

Ch 20 Forming & Operating Partnership, Tax 332 Chapter 20, ACCT 4343-Tax of Business Ch.9

View Set

M13 Chapter 12 Retrofit and Future Trends AUTI 142

View Set

apush chapter 16 vocab, apush ch 17 vocab, apush ch 18 vocab, chapter 19 apush vocab (period 6)

View Set

General Biology Chapter 10 Quiz, General Bio Ch.9, Biology Study Guide 2 (3/3), Bio quiz 5,6,7,8

View Set

EIP 1 Midterm Study Unit 2: Research & Professional Writing

View Set

Chapter 26 NCLEX Style Review Questions

View Set