Management and Information Security Exam 3 ch.5-6

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which of the following is an advantage of the one-on-one method of training?

Trainees can learn from each other

The recognition, enumeration, and documentation of risks to an organization's information assets. is known as risk control. true or false

True

An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?

Uncertainty

Which of the following is an advantage of the user support group form of training?

Usually conducted in an informal social setting

The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.

Vulnerability mitigation controls

The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables. True and False

false

Which of the following is NOT a step in the process of implementing training?

identify target audiences

Which function needed to implement the information security program includes researching, creating, maintaining, and promoting information security plans?

planning

A SETA program consists of three elements: security education, security training, and which of the following?.

security awareness

Which of the following is the most cost-effective method for disseminating security information and news to employees?

security newsletter

Which of the following is true about the security staffing, budget, and needs of a medium-sized organization?

they have a larger security budget (as percent of IT budget) than a small organization

The work breakdown structure (WBS) can only be prepared with a complex specialized desktop PC application. true or false

true

Determining the cost of recovery from an attack is one calculation that must be made to identify risk, what is another?

Cost of prevention

Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset-identification using this attribute difficult?

IP address

Which of the following is the first step in the process of implementing training?

Identify program scope, goals, and objectives

What is the final step in the risk identification process?

Listing assets in order of importance

Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

Manufacturer's model or part number

Once an information asset is identified, categorized, and classified, what must also be assigned to it?

Relative value

Data classification schemes should categorize information assets based on which of the following?

Sensitivity and security needs


Ensembles d'études connexes

Chapter 1 CCNA routing and Switching Q&A

View Set

Digestive system & metabolism/nutrition energetics

View Set

Chapter 18: Impact of Cognitive or Sensory Impairment on the Child and Family

View Set

Lippincott's QA review book ?s: Eyes and Ears

View Set

*Adobe Visual Design - Illustrator - 2.03* Understand Adobe Illustrator CC interface

View Set

Chapter 21 The Immune System Innate and Adaptive body Defenses

View Set

Chapter 25 Cardiovascular System MA

View Set

Brunswick A-2 B-Mechanic Training -- Machine

View Set

Med term chapter 1 review questions

View Set