CHAPTER 14 Flashcards
IT security management consists of first determining a clear view of an
organization's IT security objectives and general risk profile.
T
IT security management has evolved considerably over the last few
decades due to the rise in risks to networked systems.
T
Detecting and reacting to incidents is not a function of IT security
management.
F
IT security needs to be a key part of an organization’s overall
management plan.
T
Once the IT security management process is in place and working, the
process never needs to be repeated.
F
Organizational security objectives identify what IT security outcomes
should be achieved.
T
The assignment of responsibilities relating to the management of IT
security and the organizational infrastructure is not addressed in a
corporate security policy.
F
Organizational security policies identify what needs to be done.
T
It is not critical that an organization’s IT security policy have full
approval or buy-in by senior management.
F
Because the responsibility for IT security is shared across the
organization, there is a risk of inconsistent implementation of security
and a loss of central monitoring and control.
T
Legal and regulatory constraints may require specific approaches to
risk assessment.
T
A major advantage of the informal risk assessment approach is that the
individuals performing the analysis require no additional skills.
T
A major disadvantage of the baseline risk assessment approach is the
significant cost in time, resources, and expertise needed to perform
the analysis.
F
One asset may have multiple threats, and a single threat may target
multiple assets.
T
A threat may be either natural or human-made, and may be accidental
or deliberate.
T