IS 4550 CHAPTER 14 Flashcards
A gateway committee that approves standard technologies and architectures is called ___.
ARCHITECTURE REVIEW COMMITTEE
Unauthorized sharing of sensitive company information, whether intentional or accidental, is called ___.
DATA LEAKAGE
A gateway committee that approves external data connections is called ___.
EXTERNAL CONNECTION COMMITTEE
Committees that review technology activity and provide approvals before the project or activity can proceed to the next stage are called ___.
GATEWAY COMMITTEES
The highest-ranking lawyer in an organization, who usually reports to the president or CEO and is asked to give legal opinions on various organization issues, participate in contract negotiations, and act as a liaison with outside law firms retained by the organization, is called ___.
GENERAL COUNSEL
A network security device that acts as a decoy to analyze hacker activity is called ___.
HONEYPOT
Any rules prescribed under the authority of a government entity, which establish legal thresholds, are called ___.
LAWS
A common control, such as the same ID and password, which is used across a significant population of systems, applications, and operations is called ___.
PERVASIVE CONTROL
A gateway committee that approves project funding, phases, and base requirements is called ___.
PROJECT COMMITTEE
Established rules of what an organization has to do to meet legal requirements are called ___.
REGULATIONS
A gateway committee that approves uses of specific controls for compliance is called ___.
SECURITY COMPLIANCE COMMITTEE
An individual who has extensive knowledge in a particular field is called ___.
SUBJECT MATTER EXPERT (SME)
A gateway committee that approves new vendors and has oversight of existing vendors, making sure new vendors meet minimum security policy requirements and provide adequate proof of security controls, like a SAS 70, is called ___.
VENDOR GOVERNANCE COMMITTEE
Which of the following is NOT an organizational gateway committee?
- Architecture review committee
- Internal connection committee
- Vendor governance committee
- Security compliance committee
Internal connection committee
___ often focuses on enterprise risk management across multiple lines of business to resolve strategic business issues.
Executive management