IS 4550 CHAPTER 13 Flashcards
In terms of information security, this refers to adding information security as a distinct layer of control. ___ security is the opposite of integrated security, in which information security controls are an integral part of the process design and not a separate distinct layer.
BOLT-ON
This outlines what information is to be shared and how the information will be disseminated and is called ___.
COMMUNICATIONS PLAN
Training done partly or fully on computer-based channels of communication, such as the Internet or training software, is called ___.
COMPUTER-BASED TRAINING (CBT)
Getting senior management to participate in training to improve the effectiveness of security policies is called ___.
EXECUTIVE MANAGEMENT SPONSORSHIP
This is a gathering of teams to make announcements and discuss topics and is called ___.
TOWN HALL MEETING
- Which of the following indicate that the culture of an organization is adopting IT security policies?
- Security policies are part of routine daily interaction
- Security policies are supported by organizational committee
- Security policies’ core values are demonstrated in workers’ instinctive reactions to situations
- All the above
Security policies are part of routine daily interaction
Security policies are supported by organizational committee
Security policies’ core values are demonstrated in workers’ instinctive reactions to situations
- Effective security policies require that everyone in the organization be accountable for policy implementation.
TRUE OR FALSE
TRUE
- A quick way to tell whether a risk committee has discussed security policies, or whether the topic has been delegated to lower levels, is to look at ___.
Committee meeting minutes
- Deliberate acts and malicious behavior by employees are easy to control, especially when proper deterrents are installed.
TRUE OR FALSE
FALSE
- Which of the following is not an organizational challenge when implementing security policies?
- Accountability
- Surplus of funding
- Lack of priority
- Tight schedules
Surplus of funding
- Which type of plan is critical to ensuring security awareness reaches specific types of users?
- Rollout plan
- Media plan
- Executive project plan
- Communication plan
Communication plan
- Why should a security policy implementation be flexible to allow for updates?
- Unknown threats will be discovered
- New ways of teaching will be introduced
- New technologies will be introduced
- 1 and 3
- All the above
Unknown threats will be discovered
New technologies will be introduced
- Which of the following is the least objectionable when dealing with policies with regard to outdated technology?
- Write security policies to best practices and issue a policy waiver for outdated technology that inherently cannot comply
- Write security policies to the lowest, most common security standard the technology can support
- Write different sets of policies for outdated technologies
- All the above
Write security policies to best practices and issue a policy waiver for outdated technology that inherently cannot comply
- What is a strong indicator that awareness training is not effective?
- A firewall breach
- Sharing your password with a supervisor
- Sharing a laptop with a coworker
- A fire in the data center
Sharing your password with a supervisor
- Which of the following is a common cause of security breaches?
- Improved training and security awareness
- Increased employee motivation
- Outsourced processing to vendors
- Inadequate management and user decisions
Inadequate management and user decisions