Chapter 16: Managing Security Operations

Question 1

The _____ principle imposes the requirement to grant users access only to data or resources they need to perform assigned work tasks.

Answer 1

need-to-know

Question 2

The ______ principle states that subjects are granted only the privileges necessary to perform assigned work tasks and no more.

Answer 2

least privilege

Question 3

_____ and responsibilities ensures that no single person has total control over a critical function or system.

Answer 3

Separation of duties (SoD)

Question 4

_____ control (sometimes called the two-man rule) requires the approval of two individuals for critical tasks.

Answer 4

Two-person

Question 5

____ (sometimes called rotation of duties) means that employees rotate through jobs or rotate job responsibilities with other employees.

Answer 5

Job rotation

Question 6

Many organizations require employees to take ______ in one-week or two-week increments. This provides a form of peer review and helps detect fraud and collusion.

Answer 6

mandatory vacations

Question 7

A simple ____ system is just a button that sends a distress call and are useful when personnel are working alone.

Answer 7

duress

Question 8

____ management refers to managing both tangible and intangible assets. This typically starts with inventories of assets, tracking the assets, and taking additional steps to protect them throughout their lifetime.

Answer 8

Asset

Question 9

____ assets include hardware and software assets owned by the company.

Answer 9

Tangible

Question 10

_____ assets include patents, copyrights, a company’s reputation, and other assets representing potential revenue.

Answer 10

Intangible

Question 11

____ refers to a system’s ability to add and remove resources dynamically, based on increasing or decreasing load.

Answer 11

Elasticity

Question 12

_____ new systems refers to installing and configuring the operating system and needed applications.

Answer 12

Provisioning