Midterm True or False
Risk management is responding to a negative event when it occurs.
True
Deterrent controls identify that a threat has landed in your system.
False
Most enterprises are well prepared for a disaster should one occur.
False
Risk refers to the amount of harm a threat exploiting a vulnerability can cause.
False
The Sarbanes Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.
False
The term risk methodology refers to a list of identified risks that results from the risk identification process.
False
The System/Application Domain holds all the mission-critical systems, applications, and data.
True
The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
True
The main goal of a hacker is to steal or compromise IT assets and potentially steal data.
True
The primary steps to disaster recovery include the safety of individuals, containing the damage, and assessing the damage and beginning the recovery operations.
True
War driving involves looking for open or public wireless networks.
True
With respect to IT security, a risk can result in either a positive or a negative effect.
True
A VPN router is a security appliance that is used to filter IP packets.
False
Vishing is a type of wireless network attack.
False
The process of describing a risk scenario and then determining the degree of impact that event would have on business operations is quantitative risk analysis.
False
Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.
True
The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
True
Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats.
True
With adequate security controls and defenses, an organization can often reduce its risk to zero.
False
Simple Network Management Protocol (SNMP) is used for network device monitoring, alarms, and performance.
True
An IT security policy framework is like an outline that identifies where security controls should be used.
True
A SYN attack floods a target with invalid or half-open TCP connection requests.
True
A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
True
A man-in-the-middle attack takes advantage of the multihop process used by many types of networks.
True
A vulnerability is any exposure that could allow a threat to be realized.
True
Access control lists (ACLs) are used to permit and deny traffic in an IP router.
True
An alteration threat violates information integrity.
True
Encrypting email communications is needed if you are sending confidential information within an email message through the public internet.
True
Failing to prevent an attack all but invites an attack.
True
If you are a publicly traded company or U.S. federal government agency, you must go public and announce that you have had a data breach and must inform the impacted individuals of that data breach.
True
Implementing and monitoring risk responses are part of the risk management process.
True
Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information.
True
Organizations should start defining their IT security policy framework by defining an asset classification policy.
True