Fundamental Information Security Chapter 12: Information Security Standards

Which Institute of Electrical and Electronics Engineers (IEEE) standard covers wireless LANs? 802.3 802.11 802.16 802.18

802.11

Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with? Network and Session Session and Transport Application and Session Application and Transport

Application and Session

Maya is creating a computing infrastructure compliant with the Payment Card Industry Data Security Standard (PCI DSS). What type of information is she most likely trying to protect? Health records Credit card information Educational records Trade secrets

Credit card information

Which element is NOT a core component of the ISO 27002 standard? Risk assessment Cryptography Asset management Access control

Cryptography

Which technology category would NOT likely be the subject of a standard published by the International Electrotechnical Commission (IEC)? Semiconductors Solar energy Encryption Consumer appliances

Encryption

Which organization creates information security standards that specifically apply within the European Union? International Telecommunication Union (ITU) American National Standards Institute (ANSI) European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER) Institute of Electrical and Electronics Engineers (IEEE)

European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)

The International Standard Book Number (ISBN) is an IEEE standard. True False

False

The National Institute of Standards and Technology (NIST) is a nongovernmental organization whose goal is to develop and publish international standards. True False

False

The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues. True False

False

The National Institute of Standards and Technology (NIST) publishes the IEEE 802 LAN/MAN standard family. True False

False

Gary is troubleshooting a security issue on an Ethernet network and would like to look at the Ethernet standard. What publication should he seek out? NIST 800-53 IEEE 802.3 ANSI x.1199 ISO 17799

IEEE 802.3

Juan comes across documentation from his organization related to several information security initiatives using different standards as their reference. Which International Organization for Standardization (ISO) standard provides current guidance on information security management? ISO 17799 ISO 9000 ISO 27002 ISO 14001

ISO 27002

Bill is conducting an analysis of a new IT service. He would like to assess it using the Open Systems Interconnection (OSI) model and would like to learn more about this framework. What organization should he turn to for the official definition of OSI? Ocean Surveillance Information System (OSIS) International Organization for Standardization (ISO) National Institute of Standards and Technology (NIST) Information Systems Audit and Control Association (ISACA)

International Organization for Standardization (ISO)

Which organization promotes technology issues as an agency of the United Nations? International Telecommunication Union (ITU) Institute of Electrical and Electronics Engineers (IEEE) American National Standards Institute (ANSI) Internet Assigned Numbers Authority (IANA)

International Telecommunication Union (ITU)

What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?" National Institute of Standards and Technology (NIST) Federal Communications Commission (FCC) Federal Trade Commission (FTC) National Aeronautics and Space Administration (NASA)

National Institute of Standards and Technology (NIST)

Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process? Proposed Standard (PS) Draft Standard (DS) Standard (STD) Best Current Practice (BCP)

Proposed Standard (PS)

ISO/IEC 27002 provides organizations with best-practice recommendations on information security management. True False

True

Payment Card Industry Data Security Standard (PCI DSS) version 3.2 defines 12 requirements for compliance, organized into six groups, called control objectives. True False

True

Standards provide guidelines to ensure that products in today's computing environments work together. True False

True

The Institute of Electrical and Electronics Engineers (IEEE) publishes or sponsors more than 13,000 standards and projects. True False

True

The International Electrotechnical Commission (IEC) is the predominant organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes. True False

True

The International Electrotechnical Commission (IEC) was instrumental in the development of standards for electrical measurements, including gauss, hertz, and weber. True False

True

The International Organization for Standardization (ISO) organizes its standards by both the International Classification for Standards (ICS) and the Technical Committee (TC) to which it assigns each standard. True False

True

The International Telecommunication Union (ITU) was formed in 1865 as the International Telegraph Union to develop international standards for the emerging telegraph communications industry. True False

True

Visa, MasterCard, and other payment card vendors helped to create the Payment Card Industry Data Security Standard (PCI DSS). True False

True

What series of Special Publications does the National Institute of Standards and Technology (NIST) produce that covers information systems security activities? 600 700 800 900

800

Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Presentation Layer of the Open Systems Interconnection (OSI) model. Which technology is the most likely suspect? User interface Encryption Routing Signaling

Encryption

All request for comments (RFC) originate from the Internet Engineering Task Force (IETF). True False

False

Which organization created a standard version of the widely used C programming language in 1989? Institute of Electrical and Electronics Engineers (IEEE) International Organization for Standardization (ISO) American National Standards Institute (ANSI) European Telecommunications Standards Institute (ETSI)

American National Standards Institute (ANSI)

The Internet Architecture Board (IAB) is a subcommittee of the IETF. True False

True

The Internet Architecture Board (IAB) serves as an advisory body to the Internet Society (ISOC). True False

True

What type of publication is the primary working product of the Internet Engineering Task Force (IETF)? Special Publication (SP) Request for comment (RFC) ISO standard Public service announcement (PSA)

Request for comment (RFC)

What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)? Architecture for Internet protocols and procedures Editorial and publication procedures for requests for comments (RFCs) Confirmation of IETF chairs Subject matter expertise on routing and switching

Subject matter expertise on routing and switching

ANSI produces standards that affect nearly all aspects of IT. True False

True

American National Standards Institute (ANSI) was formed in 1918 through the merger of five engineering societies and three government agencies. True False

True

Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model? Network Application Physical Session

Network

Allie is working on the development of a web browser and wants to make sure that the browser correctly implements the Hypertext Markup Language (HTML) standard. What organization's documentation should she turn to for the authoritative source of information? International Electrotechnical Commission (IEC) National Institute of Standards and Technology (NIST) World Wide Web Consortium (W3C) Internet Engineering Task Force (IETF)

World Wide Web Consortium (W3C)