Chapter 11: Implementing Policies to Mitigate Risks Flashcards

1
Q

An ____ ____ ____ defines proper system usage for users and spells out rules of behavior when accessing systems and networks. It often provides specific examples of unacceptable usage, such as visiting certain web sites, and typically includes statements informing users that the organization monitors user activities. Users are required to read and sign it when hired, and in conjunction with refresher training.

A

acceptable use policy

2
Q

____ ____ policies require employees to take time away from their job. These policies help to reduce fraud and discover malicious activities by employees.

A

Mandatory vacation

3
Q

A ____ ___ _____ policy separates individual tasks of an overall function between different entities or different people, and helps deter fraud. For example, a single person shouldn’t be able to approve bills and pay them, or print checks and then sign them.

A

separation of duties

4
Q

____ ______ policies require employees to change roles on a regular basis. Employees might swap roles temporarily, such as for three to four weeks, or permanently. These policies help to prevent employees from continuing with fraudulent activities, and help detect fraud if it occurs.

A

Job rotation

5
Q

____ _____ policies require users to organize their desks and surrounding areas to reduce the risk of possible data theft and password compromise.

A

Clean desk

6
Q

____ _____ are performed before hiring an employee. Once hired, onboarding processes give employees access to resources.

A

Background checks

7
Q

An ____ ____ is conducted before an employee departs the organization, and the account is typically disabled during the interview.

A

exit interview

8
Q

Improper use of ___ ____ sites can result in inadvertent information disclosure. Attackers gather information from these sites to launch attacks against users, such as cognitive password attacks to change users’ passwords. Training reduces these risks.

A

social networking

9
Q

A __-_____ _____ helps ensure that proprietary data is not shared.

A

non-disclosure agreement (NDA)

10
Q

A ____ ____ ____ is an agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.

A

service level agreement (SLA)

11
Q

An ____ ____ ____ specifies technical and security requirements for connections and ensures data confidentiality while data is in transit.

A

interconnection security agreement (ISA)

12
Q

A _____ or _____ supports an ISA, but doesn’t include technical details.

A

memorandum of understanding or memorandum of agreement (MOU/MOA)

13
Q

Information ______ practices help protect sensitive data by ensuring users understand the value of data. Data _____ ensures that users know what data they are handling and processing.

A

classification

labeling

14
Q

_____ data is available to anyone. _____ data is information that an organization intends to keep secret among a certain group of people. ______ data is data that is related to ownership, such as patents or trade secrets. _____ data includes PII and PHI.

A

Public
Confidential
Proprietary
Private

15
Q

_____ and _____ methods ensure that sensitive data is removed from decommissioned systems. File shredders remove all remnants of a file. Wiping methods erase disk drives.

A

Destruction and sanitization

16
Q

______ a disk magnetically erases all the data. Physically destroying a drive is the most secure method of ensuring unauthorized personnel cannot access proprietary information.

A

Degaussing

17
Q

_____ policies identify how long data is retained. They can limit a company’s exposure to legal proceedings and reduce the amount of labor required to respond to court orders.

A

Retention

18
Q

___ ___ ___ is used to personally identify an individual. Examples include the full name, birth date, address, and medical information of a person.

A

Personally Identifiable Information (PII)

19
Q

____ ____ ____ is PII that includes medical or health-related information.

A

Personal Health Information (PHI)

20
Q

____/_____ require special handling for data retention. Many laws mandate the protection of both, and require informing affected individuals when an attack results in their compromise.

A

PII/PHI

21
Q

A ____ _____ has overall responsibility for data. A ____ or custodian handles routine tasks to protect data. A ____ officer is responsible for ensuring an organization complies with relevant laws to protect privacy data, such as PII or PHI.

A

data owner
steward
privacy

22
Q

An ____ ____ policy defines an incident and the procedures for responding to it. Organizations review and update the policy periodically and after reviewing lessons learned from actual incidents.

A

incident response

23
Q

The _____ step in incident response is preparation. It includes creating and maintaining an incident response policy and includes prevention steps such as implementing security controls to prevent malware infections.

A

first

24
Q

Before acting, personnel verify an event is an actual incident. Next, they attempt to _____ or isolate the problem. Disconnecting a computer from a network will isolate it.

A

contain

25
Q

______ attempts to remove all malicious components left after an incident. Recovery restores a system to its original state. Depending on the scope of the incident, administrators might completely rebuild the system, including applying all updates and patches.

A

Eradication

26
Q

A review of ____ _____ helps an organization prevent a reoccurrence of an incident.

A

lessons learned

27
Q

The order of ____ for data from most volatile to least volatile is cache memory, regular RAM, a paging file, hard drive data, logs stored on remote systems, and archived media.

A

volatility

28
Q

Forensic experts ____ __ _____ of the data before analysis to preserve the original and maintain its usability as evidence.

A

capture an image

29
Q

____ ____ imaging creates a forensic copy and prevents the forensic capture and analysis from modifying the original evidence.

A

Hard drive

30
Q

A ____ image is a bit-by-bit copy of the data and does not modify the data during the capture.

A

forensic

31
Q

______ provides integrity for images, including images of both memory and disk drives.

A

Hashing

32
Q

Taking a hash before and after capturing a disk image verifies that the capturing process did not modify data. Hashes can reveal evidence tampering or, at the very least, that evidence has lost _____.

A

integrity

33
Q

A _____ ___ _____ provides assurances that personnel controlled and handled evidence properly after collecting it. It may start with a tag attached to the physical item, followed by a form that documents everyone who handled it and when they handled it.

A

chain of custody

34
Q

A ____ ____ requires an organization to protect existing data as evidence.

A

legal hold

35
Q

Security awareness and training programs reinforce user compliance with security policies and help ____ risks posed by users.

A

reduce

36
Q

_____-_____ training ensures that personnel receive the training they need. For example, executives need training on whaling attacks.

A

Role-based

37
Q

Common roles that require ____-_____ training are data owners, system administrators, system owners, end users, privileged users, and executive users.

A

role-based

38
Q

_____ _____ programs ensure that personnel are kept up to date on current technologies, threats, and vulnerabilities.

A

Continuing education