IS 4550 CHAPTER 13 Flashcards

1
Q

In terms of information security, this refers to adding information security as a distinct layer of control. ___ security is the opposite of integrated security, in which information security controls are an integral part of the process design and not a separate distinct layer.

A

BOLT-ON

2
Q

This outlines what information is to be shared and how the information will be disseminated and is called ___.

A

COMMUNICATIONS PLAN

3
Q

Training done partly or fully through computer-based channels of communication, such as the Internet or training software, is called ___.

A

COMPUTER-BASED TRAINING (CBT)

4
Q

Getting senior management to participate in training to improve the effectiveness of security policies is called ___.

A

EXECUTIVE MANAGEMENT SPONSORSHIP

5
Q

This is a gathering of teams to make announcements and discuss topics and is called ___.

A

TOWN HALL MEETING

6
Q
Which of the following indicate that the culture of an organization is adopting IT security policies?
  1. Security policies are part of routine daily interaction
  2. Security policies are supported by organizational committee
  3. Security policies’ core values are demonstrated in workers’ instinctive reactions to situations
  4. All the above
A
  • Security policies are part of routine daily interaction
  • Security policies are supported by organizational committee
  • Security policies’ core values are demonstrated in workers’ instinctive reactions to situations
7
Q
Effective security policies require that everyone in the organization be accountable for policy implementation.
TRUE OR FALSE
A

TRUE

8
Q
A quick indicator of whether a risk committee has discussed security policies, or whether the topic has been delegated to lower levels, can be found by looking at ___.
A

Committee meeting minutes

9
Q
Deliberate acts and malicious behavior by employees are easy to control, especially when proper deterrents are installed.
TRUE OR FALSE
A

FALSE

10
Q
Which of the following is not an organizational challenge when implementing security policies?
  1. Accountability
  2. Surplus of funding
  3. Lack of priority
  4. Tight schedules
A

Surplus of funding

11
Q
Which type of plan is critical to ensuring security awareness reaches specific types of users?
  1. Rollout plan
  2. Media plan
  3. Executive project plan
  4. Communication plan
A

Communication plan

12
Q
Why should a security policy implementation be flexible to allow for updates?
  1. Unknown threats will be discovered
  2. New ways of teaching will be introduced
  3. New technologies will be introduced
  4. 1 and 3
  5. All the above
A

Unknown threats will be discovered

New technologies will be introduced

13
Q
Which of the following is the least objectionable when dealing with policies in regard to outdated technology?
  1. Write security policies to best practices and issue a policy waiver for outdated technology that inherently cannot comply
  2. Write security policies to the lowest, most common security standard the technology can support
  3. Write different sets of policies for outdated technologies
  4. All the above
A

Write security policies to best practices and issue a policy waiver for outdated technology that inherently cannot comply

14
Q
What is a strong indicator that awareness training is not effective?
  1. A firewall breach
  2. Sharing your password with a supervisor
  3. Sharing a laptop with a coworker
  4. A fire in the data center
A

Sharing your password with a supervisor

15
Q
Which of the following is a common cause of security breaches?
  1. Improved training and security awareness
  2. Increased employee motivation
  3. Outsourced processing to vendors
  4. Inadequate management and user decisions
A

Inadequate management and user decisions

16
Q
Classroom training for security policy awareness is always the superior option to other alternatives, such as online training.
TRUE OR FALSE
A

FALSE

17
Q
To get employees to comply and accept security policies, the organization must understand the employees’ ___.
A

Motivations or needs

18
Q
A brown bag session is a formal training event with a tightly controlled agenda.
TRUE OR FALSE
A

FALSE

19
Q
What is the best way to disseminate a new policy?
  1. Hardcopy
  2. Intranet
  3. Brown bag session
  4. All the above
A

Hardcopy
Intranet
Brown bag session

20
Q
Without ___, implementation of IT security policies is impossible.
A

Executive support