Chapter 5 Flashcards

1
Q

What does “InfoSec Program” mean?

A

The effort to reduce risk to organizational assets.

2
Q

Name 4 functions needed to implement an InfoSec program:

A
  • System testing.
  • Risk assessment.
  • Risk management.
  • Policy.
3
Q

How many employees does each of these organizations have:

1- Micro enterprises or startups:

2- Small enterprises:

3- Medium-sized enterprises:

4- Large enterprises:

A

1- Micro enterprises or startups:
(fewer than 10 employees)

2- Small enterprises:
(10 to 49 employees)

3- Medium-sized enterprises:
(50 to 249 employees)

4- Large enterprises:
(250 or more people)

4
Q

What is a recommended approach to separating functions in large organizations:
(4 categories)

A

1- Functions performed by business groups.

2- Functions performed by IT groups outside InfoSec.

3- Functions performed within the InfoSec department as customer service.

4- Functions performed within the InfoSec department as compliance.

5
Q

Compare large, medium, and small organizations in terms of security staffing:

A

1- Large organizations: form many internal groups and split functions among them. 5+ full-time security professionals and 15+ part-timers.

2- Medium-sized organizations: fewer internal groups, with more functions assigned to each group. May have only 1 full-time security person, plus some part-time InfoSec individuals.

3- Small organizations: 1 jack-of-all-trades security administrator, with 1 or 2 assistants. Resources are limited, so security admins rely on freeware/open-source tools to lower costs.

6
Q

List 5 of Wood's reporting options:

A

1- Reporting to the IT department.

2- Reporting to the legal department.

3- Reporting to the administrative services department.

4- Reporting to the help desk.

5- Reporting to the HR department.

7
Q

List 3 NIST elements of a security program:

A

1- Physical security.
2- Cryptography.
3- Policy.

8
Q

Name and compare the 3 types of InfoSec positions:

A

1 - Definers: provide policies and guidelines.

2 - Builders: create and install security tools.

3 - Administrators: administer the tools and improve the processes.

9
Q

Name and explain 3 InfoSec roles:

A

1- CISO: the executive who oversees InfoSec in an organization.

2- Security Consultant: an independent expert.

3- Security Analyst: a hybrid of technician and manager, with both technical and managerial skills.

10
Q

Explain what each of these InfoSec roles does:
1 - Security Technician.
2 - Security Staffers and watchstanders.
3 - Security officers and Investigators.
4 - Help Desk Personnel.

A

1 - Technical individuals who configure and implement security software.
2 - Routinely do watchstanding or administrative work.
3 - Physical security.
4 - Help identify InfoSec problems on user devices.
