Information Security Systems Policies and Procedures Final Exam

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

GLBA - Gramm-Leach-Bliley Act

requires financial institutions to protect customer's nonpublic financial information

Hertz

the unit of frequency, equal to one cycle per second

Warm site

An alternative processing center that balances cost and switch over time

SOC 3

An assessment demonstrating that a firm is satisfying requirements regarding customer private data.

nothing

An audit of an Identity management system should include this about the networks firewall's unsolicited connection attempts

Parallel Test

Annual major disaster recovery test that is as thorough and realistic as possible and ensures no disruption of activity at the primary site

MOU - Memorandum of Understanding

Less formal agreement and expresses areas of common interests

FPCO - Family Policy Compliance Office

Oversees compliance with FERPA - Family Educational Rights and Privacy Act

ASV - Approved Scanning Vendor

Performs quarterly vulnerability scans required by PCI DSS - Payment Card Industry Data Security Standard

BCP - Business Continuity Plan

Plan providing for the recovery effort of a server failure that affects a single business function.

ANSI

Produces standards that affect nearly all aspects of IT

FISMA - Federal Information Security Management Act

Requires all federal agencies to report security incidents to US-CERT - United States Computer Emergency Readiness Team

CIPA - Children's Internet Protection Act

Requires libraries to filter offensive material on their computer terminals

Audit

Reviewing logs to independently asses security controls in this type of security review

False

True or False: 4 main types of logs that you need to keep to support security auditing include event, access, user, and security

False

True or False: ISBN is an IEE standard

False

True or False: The four central components of access control are users, resources, actions and features

True

True or False: The tools for conducting a risk analysis can include the documents that define and categorize and rank risks

False

True or False: an extension of a MOU is the BPA - Blanket Purpose Agreement, which serves as an agreement that documents technical requirements of interconnected assets

False

True or False: one of the commonly accepted best practices for password security is to require at least 6 alphanumeric characters

False

True or false: NIST is an UN agency

Ownership

Type of authentication that includes something you have like a smart card

Laws

What are external documents should not be considered in the scope of organizational compliance efforts

A higher level of expertise

What is an advantage of using a security management firm for security monitoring

Checklist

Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?

Executive Brance

Which branch of government do Federal agencies fall under?

Facility Repair

Which of the following involves direct costs?

Assume Information should be free

Which of the following is not a good practice for developing strong professional ethics

PIPEDA - Personal Information Protection and Electronic Documents Act

Which regulatory standard would NOT require audits of companies in the United States?

W3C - World Wid Web Consortium

authoritative source for HTML standards

Brute Force Attack

A password-cracking program that tries every possible combination of characters.

Prudent

A security policy for an organization that allows a reasonable list of activities but does not allow others is this:

Risk Management

A systematic process for identifying, analyzing, evaluating, remedying, and monitoring risk.

Two factor authentication

Can include a PIN and a smart card

Security Kernal

Central part of a computers environment hardware, software and firmware that enforces access control

Biometrics

Common methods used to identify a user to a system include username, smart card, and this third method ...

Integrity

Control designed to ensure that financial reports, records and data are accurately maintained (The C in CIA)

Presentation Layer

Encryption resides at this layer of the OSI model

Encryption

IEC not likely to issue standards on which of the following? Semi-cpnductors, solar energy, consumer appliances, encryption

Reconnaissance

In security testing, this involves reviewing a system to learn as much as possible about the organization, its systems and its networks

TOS - Trusted Operating System

Operating System that provides features to satisfy government requirements for security

A higher level of expertise

Outsourcing security functions to a third party service provider provides this benefit:

Ensure that everyone is safe

The first step in a disaster recovery plan

False

True or False: A remediation liaison makes sure all personnel are aware and comply with an organizations policies

NIST - National Institute of Standards and Technology

US agency responsible for promoting US innovation and industrial competitiveness

Stored profiles of activity

Used to compare to current activity in an anomaly based intrusion detection system

SLA - Service Level Agreement

Using this, a third party service provider for security services provides a requirement for timely notification of security breeches.


Set pelajaran terkait

Astronomy 1 Midterm 3 Study (Ch. 15)

View Set

Nursing Management of Burn Injuries (Sherpath)

View Set

RHIA CH 13-health statistics and research

View Set

Econ Final Test Review (AS/AD, Business Cycle, GDP)

View Set

Macroeconomics - Review Ch 24, 27, 28, & 30

View Set