IS4550 CHAPTER 7 Flashcards

1
Q

The approach of using multiple layers of security to protect against a single point is called ___.

A

DEFENSE IN DEPTH

2
Q

A person with enthusiasm for a cause or project, who often gains acceptance for the project from a wide audience, is called ___.

A

EVANGELIST

3
Q

The practice and science of classification, and the hierarchical tree structure of classifications for a given set of objects or documents, is called ___.

A

TAXONOMY

4
Q
When writing policies and standards, you should address the six key questions: who, what, where, when, why and how.
    TRUE OR FALSE
A

TRUE

5
Q
All policy and standards libraries follow a universal numbering scheme for consistency between organizations.
    TRUE OR FALSE
A

FALSE

6
Q
Guideline documents are often tied to a specific control standard.
    TRUE OR FALSE
A

TRUE

7
Q
Which of the following is not an administrative control?
    Development of policies, standards, procedures, and guidelines
    Screening of personnel
    Change control procedures
    Logical access control mechanisms
A

Logical access control mechanisms

8
Q
Which of the following are common steps taken in the development of documents such as security policies, standards, and procedures?
    Design, development, publication, coding, and testing
    Feasibility, development, approval, implementation and integration
    Initiation, evaluation, development, approval, publication, implementation, and maintenance
    Design, coding, evaluation, approval, publication, and implementation
A

Initiation, evaluation, development, approval, publication, implementation, and maintenance

9
Q
Which departments should review policies and standards before official approval? (Select four)
    Technical
    Legal
    HR
    Maintenance
    Audit
A

Technical
Legal
HR
Audit

10
Q
Controls are implemented to do which of the following?
    Create new standards
    Protect systems from attacks on the confidentiality, integrity, and availability of the system
    Eliminate all risk and eliminate the potential for loss
    Support guidelines
A

Protect systems from attacks on the confidentiality, integrity, and availability of the system

11
Q
Which type of control is associated with responding to and fixing a security incident?
    Deterrent
    Compensating
    Corrective
    Detective
A

Corrective

12
Q
List examples of physical security control items.

A

Devices and processes used to control physical access
Fences
Security guards
Locked doors
Motion detectors
Alarms
13
Q
Security ___ are the technical implementations of the policies defined by the organization.
A

Procedures

14
Q
A(n) ___ is a plan or course of action used by an organization to convey instructions from its senior-most management to those who make decisions, take actions, and perform other duties on behalf of the organization.
A

Policy

15
Q
The principle that states security is improved when it is implemented as a series of overlapping controls is called ___.
A

Defense in depth

16
Q
Security principles are needed in the absence of complete information to make high-quality security decisions.
    TRUE OR FALSE
A

TRUE

17
Q
“Access to all Organization information resources connected to the network must be controlled by using user IDs and appropriate authentication” is a statement you might find in a procedure document.
    TRUE OR FALSE
A

FALSE

18
Q
Which of the following does a policy change control board do? (Select two)
    Assesses policies and standards and makes recommendations for change
    Determines the policy and standards library numbering scheme
    Implements technical controls as business conditions change
    Reviews requested changes to the policy framework
A

Assesses policies and standards and makes recommendations for change
Reviews requested changes to the policy framework