CHAPTER 15 Flashcards
To ensure that a suitable level of security is maintained, management must follow up the implementation with an evaluation of the effectiveness of the security controls
T
Management controls refer to issues that management needs to address
T
Operational controls range from simple to complex measures that work together to secure critical and sensitive data, information, and IT systems functions
F
Detection and recovery controls provide a means to restore lost computing resources
T
Water damage protection is included in security controls
T
All controls are applicable to all technologies
F
Physical access or environmental controls are only relevant to areas housing the relevant equipment.
T
Once in place, controls cannot be adjusted, regardless of the results of risk assessment of systems in the organization
F
Controls may vary in size and complexity in relation to the organization employing them.
T
It is likely that the organization will not have the resources to implement all the recommended controls
T
The selection of recommended controls is not guided by legal requirements.
F
The recommended controls need to be compatible with the organization’s systems and policies
T
The implementation phase comprises not only the direct implementation of the controls, but also the associated training and general security awareness programs for the organization
T
Appropriate security awareness training for all personnel in an organization, along with specific training relating to particular systems and controls, is an essential component in implementing controls
T
The IT security management process ends with the implementation of controls and the training of personnel
F
_________ is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner.
A. Configuration management control
B. IT security management
C. Detection and recovery control
D. Security compliance
IT security management
An IT security ________ helps to reduce risks.
A. control B. safeguard
C. countermeasure D. all of the above
all of the above
_______ controls focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization’s mission.
A. Management B. Technical
C. Preventative D. Supportive
Management
_______ controls are pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls.
A. Preventative B. Supportive
C. Operational D. Detection and recovery
Supportive
________ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies.
A. Technical B. Preventative
C. Detection and recovery D. Management
Detection and recovery
A contingency plan for systems critical to a large organization would be _________ than that for a small business.
A. smaller, less detailed B. larger, less detailed
C. larger, more detailed D. smaller, more detailed
larger, more detailed
Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.
A. cost analysis B. cost-benefit analysis
C. benefit analysis D. none of the above
cost-benefit analysis
An IT security plan should include details of _________.
A. risks B. recommended controls
C. responsible personnel D. all of the above
all of the above
The implementation process is typically monitored by the organizational ______.
A. security officer B. general counsel
C. technology officer D. human resources
security officer