HS Midterm
A content filter
A network filter that allows administrators to restrict access to external content from within a network is known as a _____.
The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees.
Accidental
_____ is a respected professional society founded in 1947 as "the world's first educational and scientific computing society."
Association of Computing Machinery (ACM)
Which of the following is NOT a threat to information security systems?
Availability
In information security governance who is responsible for policy, procedures, and training?
Chief Information Officer
The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
Chief Information Security Officer (CISO)
What is a type of law that addresses violations harmful to society and that is enforced by prosecution by the state?
Criminal Law
All traffic exiting from the trusted network should be filtered.
False
The information security blueprint builds on top of an organization's information security standards.
False
The law that provides any person with the right to request access to federal agency records is the _____.
Freedom of Information Act
contingency planning
Incident response, disaster recovery, business continuity
A(n) _____ addresses specific areas of technology, requires frequent updates, and contains a statement on the organization's position on a specific issue.
Issue-specific Security Policy (ISSP)
All network devices are assigned a unique number by the hardware at the network interface layer called the _____.
Media Access Control (MAC) address
Annualized Loss Expectancy (ALE)
Overall loss potential per risk
_____ direct how issues should be addressed and technologies used.
Policies
Ethics
Principles/codes that define acceptable behavior
Information security is needed to:
Protect the ability to function, protect data and information, enable operation of applications, and safeguard the organization's IT assets
What is the system most often used to authenticate the credentials of users who are trying to access an organization's network via a dial-up connection?
Radius
Risk identification is performed within a larger process of identifying and justifying risk controls, which is called ____.
Risk Management
_____ is an excellent reference for security managers involved in the routine management of information security.
SP 800-12, An Introduction to Computer Security: The NIST Handbook
_____ are detailed statements of what must be done to comply with policy.
Standards
_____ are frequently codified as standards and procedures to be used when configuring or maintaining systems.
System-specific security policies (SysSP)
A methodology for the design and implementation of an information system that is a formal development strategy is referred to as a __________.
Systems Development Life Cycle (SDLC)
Annual Rate of Occurrence (ARO)
The probability of the specific attack per year
The process of examining how each threat will affect an organization is called a(n) _____.
Threat assessment
___________ are malware programs that hide their true nature, and reveal their designed behavior only when activated.
Trojan Horses
Information security is the protection of the confidentiality, integrity, and availability of information assets, in storage, processing, and transmission via the application of policy, education, training, awareness, and technology.
True
People of differing nationalities profess varying points of view on the ethical practices with the use of information technology.
True
The commonly used name for an intermediate area between a trusted network and an untrusted network is the DMZ.
True
The cornerstone of many current federal computer-related criminal laws is the Computer Fraud and Abuse Act of 1986.
True
The purpose of a weighted factor analysis is to list assets in order of their importance to the organization.
True
authentication
____ is the process of validating a supplicant's purported identity.
Enterprise information security policy (EISP)
a general security policy
The __________ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
acceptance
The method by which systems determine whether and how to admit a user into a trusted area of the organization is known as _____.
access control
Footprinting
activities that gather information about the organization and its network activities and assets.
_____ is the analysis of measures against established standards.
baselining
Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.
control
Human error or failure often can be prevented with training, ongoing awareness activities, and ______.
controls
In order to ensure effort is spent protecting information that needs protecting, organizations implement _____.
data classification schemes
Honey pots
decoy systems designed to lure potential attackers away from critical systems.
The _____ community of interest must ensure sufficient resources are allocated to the risk management process.
general management
The probability that a specific vulnerability within an organization will be the target of an attack is known as _____.
likelihood
Damage, destruction, modification, disclosure, denial of use refers to data ___________.
loss
System-specific policies can be organized into two general groups: ____ and _____.
managerial guidance, technical specifications
________ equals the probability of a successful attack times the expected loss from a successful attack plus an element of uncertainty.
risk
Single Loss Expectancy (SLE)
the calculation value associated with the most likely loss from an attack
Authorization
the matching of an authenticated entity to a list of information assets and corresponding access levels
_____ is the process of assigning scores for critical factors, each of which is weighted in importance by the organization.
weighted factor analysis