IS4680 Chapter 6

Question 1

Baseline controls

Answer 1

Countermeasures that apply broadly to the entire IT infrastructure.

Question 2

CAATT - Computer assisted audit tools and techniques

Answer 2

Automated computerized tools and techniques auditors used to aid them in their auditing functions.

Question 3

CMDB - Configuration management database

Answer 3

A central repository of system configuration items.

Question 4

ISSAF - Information Systems Security Assessment Framework

Answer 4

A method for evaluation networks, systems, and applications.

Question 5

IP - Internet Protocol address

Answer 5

A numerical representation that identifies a system node on a computer network.

Question 6

Network scan

Answer 6

An automated method for discovering host systems on a network.

Question 7

NIST 800-15

Answer 7

A NIST published technical guide to conducting information security tests and assessments.

Question 8

OSSTMM - Open Source Security Testing Methodology Manual

Answer 8

A method that takes a scientific approach to security testing.

Question 9

Risk appetite

Answer 9

The degree of risk that an organization is willing to accept to achieve its goals.

Question 10

Risk tolerance

Answer 10

The range of acceptance of risks to keep an organization within their appetite for risk.

Question 11

Rotation of duties

Answer 11

The process of rotating employees into different functions or job roles.

Question 12

SCM - Security configuration management

Answer 12

The process and techniques around managing security-related configuration items that directly relate to controls or settings.

Question 13

TCP/IP - Transmission Control Protocol/Internet Protocol

Answer 13

A suite of protocols consisting of four layers, which describes how nodes on networks, including the Internet, interact and communicate.

Question 14

Vulnerability scan

Answer 14

An automated method for testing a system’s services and applications for known security holes.