CIS 286 Quiz 3

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

blueprint

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ____.

domains

Security ______ are the areas of trust within which users can freely communicate.

de jure

Standards may be published, scrutinized, and ratified by a group, as in formal or __________ standards.

EISP

The ______ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

tactical planning

The actions taken by management to specify the intermediate goals and objectives of the organization are ____________.

operational planning

The actions taken by management to specify the short-term goals and objectives of the organization are ________.

standard

A detailed statement of what must be done to comply with management intent is known as a __________.

framework

An information security _______ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.

identify and prioritize for improvement within the context of a continuous and repeatable process

In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which intends to allow organizations to _____________.

guideline

Nonmandatory recommendations the employee may use as a reference is known as a _______.

Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care

The goals of information security governance include all but which of the following?

people

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the _______ side of the organization.

management

The stated purpose of ISO/IEC 27002:2013 is to give guidelines for organizational information security standards and information security __________ practices.

The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.

When ISO 17799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems?

The application of the principle and practices of corporate governance to the information security function.

Which of these best defines information security governance?

Managerial

____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

Operational

_____ controls address personnel security, physical security, and the protection of production inputs and outputs.

SysSPs

_____ often function as standards or procedures to be used when configuring or maintaining systems.

Defense in depth

_________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.

Reduncancy

___________ is a strategy of suing multiple types of controls that prevent the failure of one system from compromising the security of informaiton.


Set pelajaran terkait

Personal Finance BUS 125 Chapter 6 quiz

View Set

MMB CFRE Flashcards: Domain 2 Securing the Gift

View Set

Chapter 15: Supply Chain Management

View Set

States and Union Territories of India Maps and Capitals

View Set