Chapter 3

Question 1

COMPENSATING CONTROL

Answer 1

Alternative counter-measures to minimize risk.

Question 2

THE TJX COMPANIES, INC.

Answer 2

The detailed recording, management, and updating regarding the details of an information system.

Question 3

GAP ANALYSIS

Answer 3

A comparison between the actual and desired outcome.

Question 4

IDENTITY THEFT

Answer 4

The taking of one’s personal information for unauthorized use.

Question 5

LAN DOMAIN

Answer 5

An IT domain that comprises the equipment making up the local area network.

Question 6

LAN-TO-WAN DOMAIN

Answer 6

An IT domain that bridges between the LAN and the WAN.

Question 7

PRIVACY MANAGEMENT

Answer 7

The rights and obligations of individuals and organizations in regard to how they manage personal information.

Question 8

PRIVACY OFFICER

Answer 8

Senior-level management position within an organization with responsibiility for privacy laws and the impact to the organization.

Question 9

REMOTE ACCESS DOMAIN

Answer 9

An IT domain that covers the access infrastructure for users accessing remote systems.

Question 10

RISK ASSESSMENT

Answer 10

An analysis of threats and vulnerabilites against assets. This allows risks to be prioritized.

Question 11

SOCIAL ENGINEERING

Answer 11

An act of manipulating people into divulging information.

Question 12

SYSTEM/APPLICATION DOMAIN

Answer 12

An IT domain that covers network systems, applications, and software for users.

Question 13

USER DOMAIN

Answer 13

An IT domain that covers the end users of information systems.

Question 14

WAN DOMAIN

Answer 14

A network covering a large area often connecting multiple LANs.

Question 15

WORKSTATION DOMAIN

Answer 15

The operating environment of an end user.