Information Security Management - Midterm Study Guide


True or False: A system administrator may need to create a different type of policy in order to implement a managerial policy.

True

True or False: Data integrity can be affected by virus infections and data communications errors.

True

True or False: The Sarbanes-Oxley (SOX) Act of 2002 was passed as a result of the Enron and WorldCom financial scandals.

True

Which of the following is used to establish a formal set of organizational principles and qualities for an organization? - Values statement - Vision statement - Mission statement - Morals statement

Values statement

Which security role is typically responsible for monitoring e-mail accounts and intrusion consoles? - Security technicians - Security administrators - Analysts - Watchstanders

Watchstanders

A person who has authorization from an organization to test its information systems and network defense is known as which of the following? - script kiddie - penetration tester - professional hacker - packet monkey

penetration tester

What type of virus actually evolves, changing its size and other external file characteristics to elude detection by antivirus programs? - Trojan horse - trap door - polymorphic threat - macro virus

polymorphic threat

An evaluation of the threats to information assets, including a determination of their potential to endanger the organization is known as which of the following? - threat assessment - risk analysis - data classification scheme - risk identification

threat assessment

Which of the following best describes a stakeholder? - An individual or group that owns financial stock in an organization - A competing organization - An individual who buys an organization's products - An individual or group who has a vested interest

An individual or group who has a vested interest

Which of the following is not a component of a typical strategic plan? - Executive summary - Archived profile - Organizational profile - Strategic issues and challenges

Archived profile

What is the name of the process that is used to establish whether or not a user's identity is legitimate? - Availability - Accountability - Authorization - Authentication

Authentication

Which law, originally passed in 1986 and amended in 1996, contains provisions that determine the penalties for computer related crimes? - PATRIOT Act - Computer Fraud and Abuse Act - Digital Millennium Copyright Act - Computer Security Act

Computer Fraud and Abuse Act

Which of the following is a collection of statutes that regulates the interception of wire, electronic, and oral communications? - Federal Privacy Act - Copyright Act - Security and Freedom Through Encryption Act - Electronic Communications Privacy Act (ECPA)

Electronic Communications Privacy Act (ECPA)

Which type of security policy is known as the highest level of policy and sets the strategic direction, scope, and tone for an organization's security efforts? - System-specific security policy - Issue-specific security policy - Enterprise information security policy - Strategic planning security policy

Enterprise information security policy

Which of the following is NOT a typical permission available for use in ACLs? - Read - Write - Delete - Expunge

Expunge

True or False: A CISO never reports to the CIO, and must always go through management hierarchies.

False

True or False: Only the InfoSec and IT communities have a role to play in the management of risks to information assets.

False

True or False: The CISO is another name for a CIO, as both roles perform the same tasks.

False

Which of the following occurs when a manufacturer performs an upgrade to a hardware component at a customer's premises? - Asset type - Field change order - Controlling entity - Manufacturer's model or part number

Field change order

Which entity is not exempt from the Federal Privacy Act of 1974? - Bureau of the Census - U.S. Congress - Hospitals - Credit agencies

Hospitals

Which of the following terms can be used to describe trade secrets, copyrights, trademarks, and patents? - Quality of service - Availability - Intellectual property - Competitive intelligence

Intellectual property

Which of the following is NOT a specific characteristic of ISSP? - It addresses specific technology-based resources - It requires frequent updates - It addresses hardware implementation issues - It contains an issue statement

It addresses hardware implementation issues

Which of the following is used to declare the intended areas of operation for a business? - Values statement - Vision statement - Objectives statement - Mission statement

Mission statement

An organization is considered to be medium-sized when it has approximately how many devices? - Less than 100 - More than 1000 - More than 100, less than 1000 - More than 2000

More than 100, less than 1000

The simplified risk management components consist of which of the following groups? - People, planning, technology - Planning, performing, tasking - Preparedness, planning, and technology - People, process, and technology

People, process, and technology

Which of the following is NOT one of the five fundamental privacy principles of HIPAA? - Public control of medical information - Boundaries on the use of medical information - Balance of public responsibility for the use of medical information - Security of health information

Public control of medical information

Which term below describes the identification and assessment of risks, together with the definition of acceptable levels of risk within an organization? - Risk assessment - Risk analysis - Risk identification - Risk management

Risk analysis

Which NIST publication covers topics such as elements of computer security, roles and responsibilities, and common threats? - SP 800-21 - SP 800-12 - SP 800-11 - SP 800-01

SP 800-12

Which of the following information security roles best describes a type of specialized security administrator who is typically responsible for analyzing and designing security solutions in a specific domain? - Security manager - Chief security officer - Security analyst - Chief information security officer

Security analyst

Which of the following is NOT an InfoSec policy recommended in NIST's Special Publication 800-14 document? - Enterprise information security policy (EISP) - Issue-specific security policies (ISSP) - System-specific security policies (SysSP) - Task-specific security policies (TSSP)

Task-specific security policies (TSSP)
