Ch14

Audits serve to verify that the security protections enacted by an organization are being followed and that corrective actions can be swiftly implemented before an attacker exploits a vulnerability.

True

Most organizations follow a three-phase cycle in the development and maintenance of a security policy.

True

The first phase of the security policy cycle involves a vulnerability assessment.

True

The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the users.

True

Due to the potential impact of changes that can affect all users in a organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?

change management team

What kind of policy outlines how organizations use personal information it collects?

privacy

Policies that include statements regarding how an employee's information technology resources will be addressed are part of a:

security-related human resource policy

Websites that group individuals and organizations into clusters or groups based on some sort of affiliation are considered to be what type of websites?

social networking

​What is the most common type of P2P network?

​Bittorrent

What type of learner tends to sit in the middle of the class and learns best through lectures and discussions?

Auditory

What can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments?

Ethics

What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization?

Incident management

What may be defined as the components required to identify, analyze, and contain an incident?

Incident response

What are values that are attributed to a system of beliefs that help the individual distinguish right from wrong called?

Morals

Which type of network below uses a direct connection between users, and involves each device simultaneously acting as a client and a server?

P2P

A person's fundamental beliefs and principals, which are used to define what is good, and how to distinguish right from wrong, are collectively called a person's:

Values

What kind of learners learn from taking notes, being at the front of the class, and watching presentations?

Visual

Which term below describes the art of helping an adult learn?

andragogical

A collection of suggestions that should be implemented are referred to as a:

guideline

What concept below is at the very heart of information security?

risk

A written document that states how an organization plans to protect the company's information technology assets is a:

security policy

Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment?

Acceptable use policies

A due process policy is a policy that defines the actions users may perform while accessing systems and networking equipment.

False

What type of learner learns best through hands-on approaches?

Kinesthetic

Select below the option that best describes a policy:

A document that outlines specific requirements or rules that must be met