Ch 5,6
Service bureau
A _______ is an agency that provides physical facilities in the event of a disaster for a fee.
all of the above
A fundamental difference between a BIA and risk management is that risk management focuses on identifying threats, vulnerabilities, and attacks to determine which controls can protect information, while the BIA assumes _______.
More than one organization might need the facility
A potential disadvantage of a timeshare site resumption strategy is:
Hot site
A resumption location known as a ______ is a fully configured computer facility capable of establishing operations at a moment's notice.
Alert roster
An ________ is a document containing contact information for the people to be notified in the event of an incident.
Disk to disk to cloud
An organization aggregates all local backups to a central repository and then backs up the repository to an online vendor with a ________ backup strategy.
Intent
Criminal or unethical _______ goes to the state of mind of the individual performing the act.
Retention
Data backup should be based on a ______ policy that specifies how long log data should be maintained.
Informing local emergency services to respond to the crisis
Each of the following is a role for the crisis management response team EXCEPT:
Internet
In 2001, the Council of Europe drafted the European Council Cybercrime Convention, which empowers an international task force to oversee a range of security functions associated with _______ activities.
All of the other answers are correct
In 2002, Congress passed the Federal Information Security Act (FISMA), which mandates that all federal agencies ______.
Singapore
In the 1999 study of computer use ethics, which of the following countries reported the least tolerant attitudes toward misuse of organizational computing resources?
By accident and/or through unintentional negligence
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage _________.
Data security
Payment Card Industry _______ Standards are designed to enhance the security of customers' payment card account data.
Daily on site
The most common schedule for tape-based backup is a ____ backup, either incremental or differential, with a weekly off-site full backup.
All of these are BIA stages
The CPMT conducts the BIA in three stages. Which of the following is NOT one of those stages?
champion
The CPMT should include a _______ who is a high-level manager to support, promote, and endorse the funding of the project and could be the COO or the CEO/president.
Kennedy-Kassebaum
The Health Insurance Portability and Accountability Act of 1996, also known as the __________ Act, protects the confidentiality and security of health-care data by establishing and enforcing standards and by standardizing electronic data interchange.
Computer Fraud and Abuse Act
The National Information Infrastructure Protection Act of 1996 modified which Act?
Security and Freedom through Encryption Act
The _____ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
USA PATRIOT Act
The _______ defines stiffer penalties for prosecution of terrorism-related activities.
Fraud
The Computer _________ and Abuse Act of 1986 is the cornerstone of many computer-related federal laws and enforcement efforts.
Chain of evidence
The detailed documentation of the collection, storage, transfer, and ownership of evidentiary material from the crime scene through its presentation in court and its eventual disposition is called a ______.
Recovery Time Objective (RTO)
The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources is _______.
Recovery Point Objective (RPO)
The point in time before a disruption or system outage to which business process data can be recovered after an outage is _______.
Marketing
The privacy of customer information section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any _______ purposes.
disaster classification
The process of examining an adverse event or incident and determining whether it constitutes an actual disaster is known as _________.
Electronic vaulting
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ______.
Remote journaling
The transfer of transaction data in real time to an off-site facility is called ________.
Identity theft
The unauthorized taking of personal information with the intent of committing fraud and abuse of a person's financial and personal reputation, purchasing goods and services without authorization, and generally impersonating the victim for illegal or unethical purposes is known as _________.
Ignorance
There are three general causes of unethical and illegal behavior: _______, accident, and intent.
Federal agency information security
What is the object of the Computer Security Act of 1987?
Electronic Communication Privacy Act
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?
Organizations of every size and purpose should also prepare for the unexpected
Which type of organizations should prepare for the unexpected?
Damage assessment
______ is the rapid determination of the scope of the breach in the confidentiality, integrity, and availability of information and information assets during or just following an incident.
Public
______ law regulates the structure and administration of government agencies and their relationships with citizens, employees, and other governments.
ISACA
_______ is a professional association that focuses on auditing, control, and security. The membership comprises both technical and managerial professionals.
Civil
_______ law comprises a wide variety of laws pertaining to relationships among individuals and organizations.
RAID
_______ uses a number of hard drives to store information across multiple drive units.
Fair
________ use allows copyrighted materials to be used to support news reporting, teaching, scholarship, and similar activities, if the use is for educational or library purposes, is not for profit, and is not excessive.