IS4550 CHAPTER 5 Flashcards

1
Q

A STATE OF INDIFFERENCE, OR THE SUPPRESSION OF EMOTIONS SUCH AS CONCERN, EXCITEMENT, MOTIVATION AND PASSION is called ___.

A

APATHY

2
Q

An individual accountable for assessing the design and effectiveness of security policies, who may be internal or external to an organization, is called ___.

A

AUDITOR

3
Q

An individual accountable for monitoring adherence to laws and regulations is called ___.

A

COMPLIANCE OFFICER

4
Q

An individual responsible for the day-to-day maintenance of data and the quality of that data. May perform backups and recover data as needed. Also grants access based on approval from the data owner is called ___.

A

DATA CUSTODIAN

5
Q

An individual who establishes procedures on how data should be handled is called ___.

A

DATA MANAGER

6
Q

An individual who approves user access rights to information that is needed to perform day-to-day operations is called ___.

A

DATA OWNER

7
Q

The end user of an application. Is accountable for handling data appropriately by understanding security policies and following approved processes and procedures is called ___.

A

DATA USER

8
Q

How various tasks are grouped into specialties to enhance the depth and quality of work product is called ___.

A

DIVISION OF LABOR

9
Q

A senior business leader accountable for approving security policy implementation, driving the security message within an organization, and ensuring that policies are given appropriate priority is called ___.

A

EXECUTIVE

10
Q

An organization with few layers separating the leaders from the bottom ranks of workers is called ___.

A

FLAT ORGANIZATIONAL STRUCTURE

11
Q

An organization with multiple layers of reporting, which separates leaders from the bottom ranks of workers is called ___.

A

HIERARCHICAL ORGANIZATIONAL STRUCTURE

12
Q

An individual accountable for identifying, developing, and implementing security policies and corresponding security controls is called ___.

A

INFORMATION SECURITY OFFICER (ISO)

13
Q

Relates to the number of areas of control achieved through the number of direct reports found in an organization is called ___.

A

SPAN OF CONTROL

14
Q
  Which of the following is a basic element of motivation?
  1. Pride
  2. Self-interest
  3. Success
  4. 2 and 3
  5. All the above
A

ALL THE ABOVE
Pride
Self-interest
Success

15
Q
  Which personality type often breaks through barriers that previously prevented success?
  1. Attackers
  2. Commanders
  3. Analyticals
  4. Pleasers
A

Commanders

16
Q
  1. Avoiders like to ___ and will do ___ but not much more.
A

Be in the background; precisely what is asked of them

17
Q
  1. As the number of specialties increases so does ___.
A

The cost of business

18
Q
  1. In hierarchical organizations, the leaders are close to the workers that deliver products and services.
    TRUE OR FALSE
A

FALSE

19
Q
  1. User apathy often results in an employee just going through the motions.
    TRUE OR FALSE
A

TRUE

20
Q
  Which of the following is a method for overcoming apathy?
  1. Avoiding redundancy
  2. Issuing company directives
  3. Engaging in communication
  4. Requiring obedience to policies
A

Engaging in communication

21
Q
  1. Why is HR policy language often intentionally vague?
A

Vague avoids language that could be interpreted as an employment contract or unintended promise.
Vague allows managers and lawyers the flexibility to interpret and apply policies broadly.

22
Q
  1. In the case of policies, it is important to demonstrate to business how policies will reduce risk and will be derived in a way that keeps costs low.
    TRUE OR FALSE
A

TRUE

23
Q
  1. Interpreting security policies against new business situations and new technologies ensures the business gets the maximum benefit from the policies over time.
    TRUE OR FALSE
A

TRUE

24
Q
  1. Kotter’s Eight-Step Change Model can help an organization gain support for ___ changes.
A

Security policy

25
Q
  When a catastrophic security breach occurs, who is ultimately held accountable by regulators and the public?
  1. Company officers
  2. The CIO
  3. The ISO
  4. The data owner
A

Company officers

26
Q
  Which of the following are attributes of entrepreneurs?
  1. Innovators
  2. Well educated in business management
  3. More likely to take risks
  4. 1 and 3
  5. 2 and 3
A

1 & 3
Innovators
More likely to take risks

27
Q
  1. A company can have two sets of enterprise security policies, if necessary, to address the needs of individual business units.
    TRUE OR FALSE
A

FALSE

28
Q
  Which of the following is the best measure of success for a security policy?
  1. Number of security controls developed as a result
  2. The number of people aware of the policy
  3. Reduction in risk
  4. The rank of the highest executive who approved it
A

Reduction in risk