IS4550 CHAPTER 2 Flashcards

1
Q

Formal written policies that describe proper and unacceptable behavior when using computer and network systems are called ___.

A

ACCEPTABLE USE POLICIES (AUPs)

2
Q

A security control that stops behavior immediately and does not rely on human decisions is called ___.

A

AUTOMATED CONTROL

3
Q

A confirmed event that compromises the confidentiality, integrity, or availability of information is called ___.

A

BREACH

4
Q

The most senior leader responsible for managing risks related to data privacy is called ___.

A

CHIEF PRIVACY OFFICER (CPO)

5
Q

A legally binding agreement on the handling and disclosure of company material is called ___.

A

CONFIDENTIALITY AGREEMENT (CA)

6
Q

A security control that restores a system or process is called ___.

A

CORRECTIVE CONTROL

7
Q

The level of protection assigned to data based on its type is called ___.

A

DATA CLASSIFICATION

8
Q

With ___ the actual information can be viewed only when the data is decrypted with a key.

A

DATA ENCRYPTION

9
Q

A manual security control that identifies a behavior after it has happened is called ___.

A

DETECTIVE CONTROL

10
Q

Any digital material owned by an organization, including text, graphics, audio, video, and animations, is called ___.

A

DIGITAL ASSETS

11
Q

The concept that an individual should know what information about them is being collected and how that information is being used is called ___.

A

FULL DISCLOSURE

12
Q

Any product of human intellect that is unique and not obvious, and that has some value in the marketplace, is called ___.

A

INTELLECTUAL PROPERTY (IP)

13
Q

A mark or comment placed inside the document itself indicating its level of protection is called ___.

A

LABEL

14
Q

A security control that does not stop behavior immediately and relies on human decisions is called ___.

A

MANUAL CONTROL

15
Q

A legally binding agreement on the handling and disclosure of company material is called ___.

A

NON-DISCLOSURE AGREEMENT (NDA)

16
Q

The difference between what policies and procedures state should be done and what is actually performed is called ___.

A

OPERATIONAL DEVIATION

17
Q

Sensitive information used to uniquely identify an individual in a way that could potentially be exploited is called ___.

A

PERSONALLY IDENTIFIABLE INFORMATION (PII)

18
Q

An automated security control that stops a behavior immediately is called ___.

A

PREVENTIVE CONTROL
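
The control-type cards (automated vs. manual, preventive vs. detective) and the classification and label cards are easier to see side by side in code. The following is an added example written for this page, not code from the course text: a classification label embedded in a document drives an automated preventive check at send time, and the same rule run over a log of already-sent mail acts as a detective control that only reports. The label format, the level names, the rule that nothing above INTERNAL may leave the organisation, the mail domain, and the sample messages are all assumptions constructed for the example.

```python
import re

# Classification levels ordered from least to most sensitive. These names and the
# "nothing above INTERNAL leaves the organisation" rule are assumptions for this
# example, not something the flashcards define.
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "RESTRICTED": 3}
MAX_EXTERNAL = "INTERNAL"

# The label is a mark placed inside the document itself. Assumed format: a line
# such as "Classification: CONFIDENTIAL" anywhere in the text.
LABEL_RE = re.compile(r"^Classification:\s*([A-Za-z]+)\s*$", re.IGNORECASE | re.MULTILINE)


def read_label(document: str) -> str:
    """Return the embedded classification label in upper case.

    An unlabeled document is treated as INTERNAL rather than PUBLIC so that a
    missing label fails closed; an unknown label is an error, not a guess.
    """
    match = LABEL_RE.search(document)
    if match is None:
        return "INTERNAL"
    level = match.group(1).upper()
    if level not in LEVELS:
        raise ValueError(f"unknown classification label {level!r}")
    return level


def is_external(recipient: str, internal_domain: str) -> bool:
    """True when the address is outside the organisation's mail domain."""
    return not recipient.lower().endswith("@" + internal_domain.lower())


def preventive_control(document: str, recipient: str, internal_domain: str) -> bool:
    """Automated, preventive control: decide at send time whether the message may go.

    Returns True to allow, False to block. No human is involved and the block
    takes effect immediately, which is what makes it preventive and automated.
    """
    too_sensitive = LEVELS[read_label(document)] > LEVELS[MAX_EXTERNAL]
    return not (is_external(recipient, internal_domain) and too_sensitive)


def detective_control(sent_log: list[dict], internal_domain: str) -> list[dict]:
    """Detective control: review messages that were already sent and report the
    ones that broke the rule so a person can follow up. Nothing is stopped."""
    findings = []
    for entry in sent_log:
        if not preventive_control(entry["body"], entry["to"], internal_domain):
            findings.append({"to": entry["to"], "label": read_label(entry["body"])})
    return findings


# Constructed sample data for a stand-alone run.
SAMPLE_DOCS = {
    "press_release": "Classification: PUBLIC\nQ3 product launch announcement.",
    "board_pack": "Classification: Confidential\nQ3 revenue by customer.",
    "unlabeled_notes": "Team meeting notes, no classification header.",
}
SAMPLE_LOG = [
    {"to": "pr@newswire.example", "body": SAMPLE_DOCS["press_release"]},
    {"to": "cfo@corp.example", "body": SAMPLE_DOCS["board_pack"]},
    {"to": "analyst@partner.example", "body": SAMPLE_DOCS["board_pack"]},
    {"to": "friend@mail.example", "body": SAMPLE_DOCS["unlabeled_notes"]},
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        allowed = preventive_control(entry["body"], entry["to"], "corp.example")
        verdict = "ALLOW" if allowed else "BLOCK"
        print(f"{verdict:5} {entry['to']:28} {read_label(entry['body'])}")
    print("after-the-fact findings:", detective_control(SAMPLE_LOG, "corp.example"))
```

Two design points worth noticing: the unlabeled document is not treated as PUBLIC, because a missing label is exactly the operational deviation the later cards describe and defaulting it open would turn the control into a no-op; and the detective function reuses the same rule as the preventive one, so the only difference between the two control types is when the rule runs and whether it can stop anything.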

19
Q

Any record that is required by law to be made available to the public and that is made or filed by a governmental entity is called ___.

A

PUBLIC RECORD

20
Q

The risk that remains after all the controls have been applied is called ___.

A

RESIDUAL RISK

21
Q

Training about security policies, threats, and handling of digital assets is called ___.

A

SECURITY AWARENESS PROGRAM

22
Q

Adherence to the organization’s set of rules with regard to policy is called ___.

A

SECURITY POLICY COMPLIANCE

23
Q
Policy compliance is ___?
A. The effort to follow an organization's policy
B. When customers read a Web site policy statement
C. Adherence to an organization's policy
D. Failure to follow an organization's policy
A

Adherence to an organization’s policy

24
Q
What is an automated control?
A. A control that stops behavior immediately and does not rely on human decisions
B. A control that does not stop behavior immediately and relies on human decisions
C. A control that does not stop behavior immediately but automates notification of the incident
D. A control that stops behavior immediately and relies on human decisions
A

A control that stops behavior immediately and does not rely on human decisions

25
Q
Which of the following is NOT a business driver?
A. Ability to acquire the newest technology
B. Cost of maintaining controls
C. Ability to legally defend
D. Customer satisfaction
A

Ability to acquire the newest technology

26
Q
A firewall is generally considered an example of a ___ control.
A

Preventive

27
Q
What is an information security policy?
A. A policy that defines acceptable behavior of a customer
B. A policy that defines what hardware to purchase
C. A policy that defines how to protect information in any form
D. A policy that defines the type of uniforms guards should wear
A

A policy that defines how to protect information in any form

28
Q
Which of the following is not a type of security control?
A. Preventive
B. Correlative
C. Detective
D. Corrective
A

Correlative

29
Q
Security awareness programs have two enforcement components: the ___ and the ___.
A. Carrot, rewards
B. Leaders, managers
C. Board of directors, HR
D. Carrot, stick
A

Carrot, stick

30
Q
Most security policies require that a label be applied when a document is classified.
TRUE OR FALSE
A

FALSE

31
Q
What are the benefits of having a security awareness program emphasize the business risk?
A. Risk becomes more relevant to employees
B. Security policies are more likely to be followed
C. Provides employees a foundation to deal with unexpected risk
D. All of the above
A

All of the above: risk becomes more relevant to employees, security policies are more likely to be followed, and employees get a foundation to deal with unexpected risk.

32
Q
Within which of the following do security policies need to define PII legal requirements?
A. The context of the business and location
B. The limits set by the business to maximize profit
C. What is acceptable to the shareholders
D. Moral obligation to the greater good
A

The context of the business and location

33
Q
Information used to open or access a bank account is generally considered PII data.
TRUE OR FALSE
A

TRUE

34
Q
Which of the following is not a benefit of having an acceptable use policy?
A. Outlines disciplinary action for improper behavior
B. Prevents employees from misusing the Internet
C. Reduces business liability
D. Defines proper behavior while using the Internet
A

Prevents employees from misusing the Internet

35
Q
Lower risk exposure can be perceived only through actual measurement.
TRUE OR FALSE
A

FALSE

36
Q
Which of the following do you need to measure to achieve operational consistency?
A. Consistency
B. Quality
C. Results
D. All of the above
A

All of the above: consistency, quality, and results.

37
Q
Well-defined and properly implemented security policies help the business in which of the following ways?
A. Maximize profit
B. Reduce risk
C. Produce consistent and reliable products
D. All of the above
A

All of the above: maximize profit, reduce risk, and produce consistent and reliable products.