CYB 115

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

_________ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty.

Risk

The __________ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

acceptance

The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees.

accidental

A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.

alert roster

Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.

control

The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________."

management

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.

people

RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.

redundant

A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.

strategic

Federal agencies such as the NSA, FBI, and CIA use specialty classification schemes. For materials that are not considered "National Security Information," __________ data is the lowest-level classification.

unclassified

​Security __________ are the areas of trust within which users can freely communicate.

​domains

The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) __________.

CBA

The ________is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

EISP

The __________ plan specifies the actions an organization can and should take while an adverse event is in progress. An adverse event could result in loss of an information asset or assets, but it does not currently threaten the viability of the entire organization.

IR

According to Bishop, what is the goal of the authentication system?

It is to ensure that entities are correctly identified.

_________ addresses are sometimes called electronic serial numbers or hardware addresses.

MAC

________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

Managerial

__________ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

Operational

__________ is an asset valuation approach that uses categorical or non-numeric values rather than absolute numerical measures.

Qualitative assessment

According to Bishop, what are the assumptions underlying effective biometric authentication systems.

1) The transmission from the biometric device to the computer's analysis process is tamperproof. 2) The biometric device is accurate in the environment in which it is used. (All of the above.)

According to Bishop, which of the following is a technique for thwarting Type 2 password attacks?

1) disabling 2) disconnection 3) jailing (All of the above)

According to NIST SP 800-14's security principles, security should ________.

1)support the mission of the organization 2)require a comprehensive and integrated approach 3)be cost-effective (All of the above)

​The goals of information security governance include all but which of the following?

1)​ Strategic alignment of information security with business strategy to support organizational objectives ​2) Risk management by executing appropriate measures to manage and mitigate threats to information resources ​3) Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved 4)EXCEPT: Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care

__________ is simply how often you expect a specific type of attack to occur.

ARO

__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.

Defense in depth

According to Bishop, nearly all passwords can eventually be guessed. What then is the goal of those trying to defend passwords from attack?

The goal is to maximize the time needed to guess the password.

According to Bishop, which of the following describes the role performed by complementation functions in an authentication system.

They perform the role of generating the complementary information from the authentication information

Risk _________ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.

appetite

Some people search trash and recycling bins—a practice known as _________—to retrieve information that could embarrass a company or compromise information security.

dumpster diving

In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which intends to allow organizations to __________.

identify and prioritize opportunities for improvement within the context of a continuous and repeatable process


Set pelajaran terkait

Chapter 26: The Newborn at Risk: Conditions Present at Birth

View Set

Another name for the gastrointestinal tract is:

View Set