HS Midterm


A content filter

A network filter that allows administrators to restrict access to external content from within a network is known as a _____.

The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees.

Accidental

_____ is a respected professional society founded in 1947 as "the world's first educational and scientific computing society."

Association for Computing Machinery (ACM)

Which of the following is NOT a threat to information security systems?

Availability

In information security governance who is responsible for policy, procedures, and training?

Chief Information Officer

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.

Chief Information Security Officer (CISO)

What is a type of law that addresses violations harmful to society and that is enforced by prosecution by the state?

Criminal Law

All traffic exiting from the trusted network should be filtered.

False

The information security blueprint builds on top of an organization's information security standards.

False

The law that provides any person with the right to request access to federal agency records is the _____.

Freedom of Information Act

Contingency planning

Its three components: incident response, disaster recovery, and business continuity

A(n) _____ addresses specific areas of technology, requires frequent updates, and contains a statement on the organization's position on a specific issue.

Issue-specific Security Policy (ISSP)

All network devices are assigned a unique number by the hardware at the network interface layer called the _____.

Media Access Control (MAC) address

Annualized Loss Expectancy (ALE)

Overall loss potential per risk per year; ALE = SLE x ARO

_____ direct how issues should be addressed and technologies used.

Policies

Ethics

Principles/codes that define acceptable behavior

Information security is needed to:

Protect the organization's ability to function, protect data and information, enable safe operation of applications, and safeguard the organization's IT assets

What is the system most often used to authenticate the credentials of users who are trying to access an organization's network via a dial-up connection?

RADIUS (Remote Authentication Dial-In User Service)

Risk identification is performed within a larger process of identifying and justifying risk controls, which is called ____.

Risk Management

_____ is an excellent reference for security managers involved in the routine management of information security.

SP 800-12, An Introduction to Computer Security: The NIST Handbook

_____ are detailed statements of what must be done to comply with policy.

Standards

_____ are frequently codified as standards and procedures to be used when configuring or maintaining systems.

System-specific security policies (SysSP)

A methodology for the design and implementation of an information system that is a formal development strategy is referred to as a __________.

Systems Development Life Cycle (SDLC)

Annualized Rate of Occurrence (ARO)

The expected number of occurrences (probability) of the specific attack per year

The process of examining how each threat will affect an organization is called a(n) _____.

Threat assessment

___________ are malware programs that hide their true nature and reveal their designed behavior only when activated.

Trojan Horses

Information security is the protection of the confidentiality, integrity, and availability of information assets, in storage, processing, and transmission via the application of policy, education, training, awareness, and technology.

True

People of differing nationalities hold varying points of view on ethical practices in the use of information technology.

True

The commonly used name for an intermediate area between a trusted network and an untrusted network is the DMZ.

True

The cornerstone of many current federal computer-related criminal laws is the Computer Fraud and Abuse Act of 1986.

True

The purpose of a weighted factor analysis is to list assets in order of their importance to the organization.

True

Authentication

The process of validating a supplicant's purported identity

Enterprise Information Security Policy (EISP)

The organization's general security policy

The __________ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

acceptance

The method by which systems determine whether and how to admit a user into a trusted area of the organization is known as _____.

access control

Footprinting

activities that gather information about the organization and its network activities and assets.

_____ is the analysis of measures against established standards.

baselining

Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.

control

Human error or failure often can be prevented with training, ongoing awareness activities, and ______.

controls

In order to ensure effort is spent protecting information that needs protecting, organizations implement _____.

data classification schemes

Honey pots

decoy systems designed to lure potential attackers away from critical systems.

The _____ community of interest must ensure sufficient resources are allocated to the risk management process.

general management

The probability that a specific vulnerability within an organization will be the target of an attack is known as _____.

likelihood

Damage, destruction, modification, disclosure, or denial of use of data is referred to as data ___________.

loss

System-specific policies can be organized into two general groups: ____ and _____.

managerial guidance, technical specifications

________ equals the probability of a successful attack times the expected loss from a successful attack, plus an element of uncertainty.

risk

Single Loss Expectancy (SLE)

The calculated value of the most likely loss from a single attack; SLE = asset value x exposure factor

Authorization

the matching of an authenticated entity to a list of information assets and corresponding access levels
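The authentication, access control and authorization cards above describe a two-step gate: first validate the supplicant's claimed identity, then match the authenticated entity against a list of assets and permitted access levels. The following Python block is an added example written for this study set, not code from the source; the user store, the password, the asset names and the access list are constructed sample data, and the PBKDF2 iteration count is an assumed value.

```python
"""Added example: authentication followed by authorization.

Constructed sample data: one user (alice), a single password, and a small
access list mapping principals to assets and allowed actions.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 100_000  # assumed work factor for the example

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a salted PBKDF2-HMAC-SHA256 hash; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest

# Constructed credential store: username -> (salt, digest). Never store plaintext.
_ALICE_SALT, _ALICE_HASH = hash_password("correct horse battery staple")
USERS = {"alice": (_ALICE_SALT, _ALICE_HASH)}

# Dummy record so unknown usernames cost the same KDF work as known ones.
_DUMMY_SALT, _DUMMY_HASH = b"\x00" * 16, b"\x00" * 32

def authenticate(username: str, password: str) -> Optional[str]:
    """Validate the supplicant's purported identity.

    Returns the authenticated principal name, or None on failure. The KDF
    always runs and the comparison is constant-time, so response timing does
    not reveal whether the username exists or how many bytes matched.
    """
    record = USERS.get(username)
    salt, expected = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    _, candidate = hash_password(password, salt)
    if record is not None and hmac.compare_digest(candidate, expected):
        return username
    return None

# Constructed access list: principal -> asset -> set of permitted access levels.
ACL = {
    "alice": {
        "payroll_db": {"read"},
        "wiki": {"read", "write"},
    },
}

def authorize(principal: Optional[str], asset: str, action: str) -> bool:
    """Match an authenticated entity to the access list (deny by default)."""
    if principal is None:
        return False
    return action in ACL.get(principal, {}).get(asset, set())

def access(username: str, password: str, asset: str, action: str) -> bool:
    """Full access-control decision: authenticate, then authorize."""
    return authorize(authenticate(username, password), asset, action)

if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "wiki", "write"))   # True
    print(access("alice", "correct horse battery staple", "payroll_db", "write"))  # False
    print(access("mallory", "anything", "wiki", "read"))  # False
```

The point of separating the two functions is that authentication only answers "who is this?"; every decision about what that identity may touch goes through the access list, and anything not listed is denied.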

_____ is the process of assigning scores for critical factors, each of which is weighted in importance by the organization.

weighted factor analysis
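The SLE, ARO, ALE and weighted factor analysis cards above are the quantitative core of the risk identification and risk management process. The Python block below is an added example for this study set, not code from the source; it computes the three loss figures, extends them with the standard cost-benefit check of a proposed control (the cost-benefit formula is not on the cards above and is included as a generalization), and ranks constructed sample assets by weighted factor score. All asset names, values, weights and scores are constructed.

```python
"""Added example: SLE / ARO / ALE arithmetic and weighted factor analysis.

All numbers below are constructed sample data for illustration.
"""
from typing import Dict, List, Tuple

def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = asset value x exposure factor (fraction of the asset lost per incident)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor

def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO, where ARO is the expected occurrences per year."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro

def control_cost_benefit(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Generalization beyond the cards: CBA = ALE(prior) - ALE(post) - annual cost
    of the control. A positive result means the control pays for itself."""
    return (ale_before - ale_after) - annual_cost

def weighted_factor_analysis(
    assets: Dict[str, Dict[str, int]], weights: Dict[str, int]
) -> List[Tuple[str, int]]:
    """Rank assets by sum(weight[criterion] * score[criterion]).

    weights: criterion -> percentage weight (must total 100).
    assets:  asset name -> criterion -> score (0..10 here).
    Returns (asset, weighted score) pairs, highest first; ties broken by name.
    """
    if sum(weights.values()) != 100:
        raise ValueError("criteria weights must total 100")
    ranked = []
    for name, scores in assets.items():
        missing = set(weights) - set(scores)
        if missing:
            raise ValueError(f"{name} lacks scores for {sorted(missing)}")
        ranked.append((name, sum(weights[c] * scores[c] for c in weights)))
    ranked.sort(key=lambda item: (-item[1], item[0]))
    return ranked

# Constructed criteria and asset scores for the ranking step.
WEIGHTS = {"revenue_impact": 30, "profitability": 40, "public_image": 30}
ASSETS = {
    "edi_server":  {"revenue_impact": 8, "profitability": 9, "public_image": 5},
    "web_server":  {"revenue_impact": 7, "profitability": 9, "public_image": 4},
    "mail_server": {"revenue_impact": 5, "profitability": 5, "public_image": 6},
}

if __name__ == "__main__":
    # Constructed figures: an $80,000 asset losing 25% per incident, twice per year.
    sle = single_loss_expectancy(80_000, 0.25)       # 20000.0
    ale = annualized_loss_expectancy(sle, 2.0)       # 40000.0
    # A control that cuts ARO to 0.5 and costs $12,000 per year.
    ale_after = annualized_loss_expectancy(sle, 0.5)  # 10000.0
    print(f"SLE={sle:.0f} ALE={ale:.0f} CBA={control_cost_benefit(ale, ale_after, 12_000):.0f}")
    for asset, score in weighted_factor_analysis(ASSETS, WEIGHTS):
        print(f"{asset:12s} {score}")
```

The weighted score has no units; it exists only to order assets so that risk control effort goes to the ones the organization values most, which is exactly the purpose the weighted factor analysis card states.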
