Information Security Systems Policies and Procedures Final Exam
GLBA - Gramm-Leach-Bliley Act
Requires financial institutions to protect customers' nonpublic financial information
Hertz
the unit of frequency, equal to one cycle per second
Warm site
An alternative processing center that balances cost and switch over time
SOC 3
An assessment demonstrating that a firm is satisfying requirements regarding customer private data.
nothing
An audit of an identity management system should include this about the network firewall's unsolicited connection attempts
Parallel Test
Annual major disaster recovery test that is as thorough and realistic as possible and ensures no disruption of activity at the primary site
MOU - Memorandum of Understanding
Less formal agreement and expresses areas of common interests
FPCO - Family Policy Compliance Office
Oversees compliance with FERPA - Family Educational Rights and Privacy Act
ASV - Approved Scanning Vendor
Performs quarterly vulnerability scans required by PCI DSS - Payment Card Industry Data Security Standard
BCP - Business Continuity Plan
Plan providing for the recovery effort of a server failure that affects a single business function.
ANSI
Produces standards that affect nearly all aspects of IT
FISMA - Federal Information Security Management Act
Requires all federal agencies to report security incidents to US-CERT - United States Computer Emergency Readiness Team
CIPA - Children's Internet Protection Act
Requires libraries to filter offensive material on their computer terminals
Audit
Reviewing logs to independently assess security controls is this type of security review
False
True or False: 4 main types of logs that you need to keep to support security auditing include event, access, user, and security
False
True or False: ISBN is an IEEE standard
False
True or False: The four central components of access control are users, resources, actions and features
True
True or False: The tools for conducting a risk analysis can include the documents that define and categorize and rank risks
False
True or False: an extension of a MOU is the BPA - Blanket Purpose Agreement, which serves as an agreement that documents technical requirements of interconnected assets
False
True or False: one of the commonly accepted best practices for password security is to require at least 6 alphanumeric characters
False
True or False: NIST is a UN agency
Ownership
Type of authentication that includes something you have like a smart card
Laws
Which external documents should not be considered in the scope of organizational compliance efforts?
A higher level of expertise
What is an advantage of using a security management firm for security monitoring
Checklist
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas?
Executive Branch
Which branch of government do Federal agencies fall under?
Facility Repair
Which of the following involves direct costs?
Assume Information should be free
Which of the following is not a good practice for developing strong professional ethics
PIPEDA - Personal Information Protection and Electronic Documents Act
Which regulatory standard would NOT require audits of companies in the United States?
W3C - World Wide Web Consortium
Authoritative source for HTML standards
Brute Force Attack
A password-cracking program that tries every possible combination of characters.
Prudent
A security policy for an organization that allows a reasonable list of activities but does not allow others is this:
Risk Management
A systematic process for identifying, analyzing, evaluating, remedying, and monitoring risk.
Two factor authentication
Can include a PIN and a smart card
Security Kernel
Central part of a computer's environment (hardware, software, and firmware) that enforces access control
Biometrics
Common methods used to identify a user to a system include username, smart card, and this third method ...
Integrity
Control designed to ensure that financial reports, records and data are accurately maintained (The C in CIA)
Presentation Layer
Encryption resides at this layer of the OSI model
Encryption
IEC is not likely to issue standards on which of the following? Semiconductors, solar energy, consumer appliances, encryption
Reconnaissance
In security testing, this involves reviewing a system to learn as much as possible about the organization, its systems and its networks
TOS - Trusted Operating System
Operating System that provides features to satisfy government requirements for security
A higher level of expertise
Outsourcing security functions to a third party service provider provides this benefit:
Ensure that everyone is safe
The first step in a disaster recovery plan
False
True or False: A remediation liaison makes sure all personnel are aware of and comply with an organization's policies
NIST - National Institute of Standards and Technology
US agency responsible for promoting US innovation and industrial competitiveness
Stored profiles of activity
Used to compare to current activity in an anomaly based intrusion detection system
SLA - Service Level Agreement
Using this, a third-party service provider for security services is given a requirement for timely notification of security breaches.