CIS 3660-Final Chapter 4

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.

False

A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.

False

A(n) alarming event is an event with negative consequences that could threaten the organization's information assets or operations.

False

A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people.

False

Database shadowing duplicates data in real-time data storage, but does not back up the databases at the remote site.

False

Each policy should contain procedures and a timetable for periodic review.

True

Evidence is the physical object or documented information that proves an action occurred or identifies the intent of a perpetrator.

True

Failure to develop an information security system based on the organization's mission, vision, and culture guarantees the failure of the information security program.

True

Managerial controls set the direction and scope of the security process and provide detailed instructions for its conduct.

True

Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.

True

Some policies may also need a(n) sunset clause indicating their expiration date.

True

The Computer Security Resource Center at NIST provides several useful documents free of charge in its special publications area.

True

The ISO/IEC 27000 series is derived from an earlier standard, BS7799.

True

The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.

True

The stated purpose of ISO/IEC 27002 is to offer guidelines and voluntary directions for information security management.

True

To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards.

True

To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and policy issuance and planned revision dates.

True

A cold site provides many of the same services and options of a hot site, but at a lower cost.

False

In 2016, NIST published a new Federal Master Cybersecurity Framework to create a mandatory framework for managing cybersecurity risk for the delivery of critical infrastructure services at every organization in the United States, based on vendor-specific technologies.

False

One of the basic tenets of security architectures is the layered implementation of security, which is called defense in redundancy

False

Systems-specific security policies are organizational policies that provide detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies.

False

The ISSP is a plan which sets out the requirements that must be met by the information security blueprint or framework.

False

The key components of the security perimeter include firewalls, DMZs (demilitarized zones), Web servers, and IDPSs

False

The operational plan documents the organization's intended long-term direction and efforts for the next several years.

False

The security model is the basis for the design, selection, and implementation of all security program elements, including policy implementation and ongoing policy and program management.

False

Within security perimeters the organization can establish security redundancies, each with differing levels of security, between which traffic must be screened.

False

​An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement.

False

A service bureau is an agency that provides a service for a fee

True

A(n) capability table specifies which subjects and objects users or groups can access.

True


Set pelajaran terkait

Laryngology ENT MCQS- 4th Year- PMU

View Set

BIOL 1001 Hrincevich Chapter 2 HW/Quiz Questions

View Set

Kin 242 Chapter 16 Practice Quiz

View Set