CHAPTER 14 Flashcards

1
Q

IT security management consists of first determining a clear view of an
organization’s IT security objectives and general risk profile.

A

T

2
Q

IT security management has evolved considerably over the last few
decades due to the rise in risks to networked systems.

A

T

3
Q

Detecting and reacting to incidents is not a function of IT security
management.

A

F

4
Q

IT security needs to be a key part of an organization’s overall
management plan.

A

T

5
Q

Once the IT management process is in place and working, the process
never needs to be repeated.

A

F

6
Q

Organizational security objectives identify what IT security outcomes
should be achieved.

A

T

7
Q

The assignment of responsibilities relating to the management of IT
security and the organizational infrastructure is not addressed in a
corporate security policy.

A

F

8
Q

Organizational security policies identify what needs to be done.

A

T

9
Q

It is not critical that an organization’s IT security policy have full
approval or buy-in by senior management.

A

F

10
Q

Because the responsibility for IT security is shared across the
organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.

A

T

11
Q

Legal and regulatory constraints may require specific approaches to
risk assessment.

A

T

12
Q

A major advantage of the informal approach is that the individuals
performing the analysis require no additional skills.

A

T

13
Q

A major disadvantage of the baseline risk assessment approach is the
significant cost in time, resources, and expertise needed to perform
the analysis.

A

F

14
Q

One asset may have multiple threats, and a single threat may target
multiple assets.

A

T

15
Q

A threat may be either natural or human-made and may be accidental
or deliberate.

A

T

16
Q

__________ ensures that critical assets are sufficiently protected in a cost-effective manner.
A. IT control B. IT security management
C. IT discipline D. IT risk implementations

A

IT security management

17
Q

The ________ has revised and consolidated a number of national and international standards into a consensus of best practice.
A. ISO B. CSI
C. VSB D. DBI

A

ISO

18
Q

IT security management functions include:
A. determining organizational IT security objectives, strategies, and policies
B. detecting and reacting to incidents
C. specifying appropriate safeguards
D. all of the above

A

all of the above

19
Q

Implementing the risk treatment plan is part of the ______ step.
A. check B. act
C. do D. plan

A

do

20
Q

Maintaining and improving the information security risk management process
in response to incidents is part of the _________ step.

A. act B. plan
C. check D. do

A

act

21
Q

Establishing security policy, objectives, processes and procedures is part of the ______ step.
A. plan B. check
C. act D. none of the above

A

plan

22
Q

The intent of the ________ is to provide a clear overview of how an organization’s IT infrastructure supports its overall business objectives.
A. risk register B. corporate security policy
C. vulnerability source D. threat assessment

A

corporate security policy

23
Q

The advantages of the _________ approach are that it doesn’t require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems.
A. combined B. informal
C. baseline D. detailed

A

baseline

24
Q

The _________ approach involves conducting a risk analysis for the organization’s IT systems that exploits the knowledge and expertise of the individuals performing the analysis.
A. baseline B. combined
C. detailed D. informal

A

informal

25
Q

A ________ is anything that might hinder or prevent an asset from providing appropriate levels of the key security services.
A. vulnerability B. threat
C. risk D. control

A

threat

26
Q

_________ include management, operational, and technical processes and procedures that act to reduce the exposure of the organization to some risks by reducing the ability of a threat source to exploit some vulnerabilities.
A. Security controls B. Risk appetite
C. Risk controls D. None of the above

A

Security controls

27
Q

The results of the risk analysis should be documented in a _________.
A. journal B. consequence
C. risk register D. none of the above

A

risk register

28
Q

________ specification indicates the impact on the organization should the particular threat in question actually eventuate.
A. Risk B. Consequence
C. Threat D. Likelihood

A

Consequence

29
Q

The purpose of ________ is to determine the basic parameters within which the risk assessment will be conducted and then to identify the assets to be examined.
A. establishing the context B. control
C. risk avoidance D. combining

A

establishing the context

30
Q

_________ is choosing to accept a risk level greater than normal for business reasons.

A

Risk acceptance