RM1

Question 0

—- can be classified into different types: strategic, compliance, financial, operational, environmental, technical, and managerial.

Answer 0

Risks

Question 1

A risk is the likelihood that the threat agent will exploit a ___].

Answer 1

vulnerability

Question 2

There are different strategies for controlling risk. ____ is the process of assigning and revoking privileges to objects; that is, it covers the procedures of managing object authorizations.

Answer 2

Privilege management

Question 3

One element of privilege management is periodic reviewing of a subject’s privileges over an object, and is known as ____

Answer 3

privilege auditing.

Question 4

_____refers to a methodology for making changes and keeping track of those changes.

Answer 4

Change management

Question 5

Without ____ in procedures, a change may negate or diminish a previous change or even unknowingly create a security vulnerability.

Answer 5

proper documentation

Question 6

Change management seeks to approach changes systematically and provide the necessary ____] of the changes.

Answer 6

documentation

Question 7

____ is the framework and functions required to enable incident response and incident handling within an organization.

Answer 7

Incident management

Question 8

The objective of incident management is to ____ the normal operations as quickly as possible with the least possible impact on either the business or the users.

Answer 8

restore

Question 9

A security policy is a ____

Answer 9

written document that states how an organization plans to protect the company’s information technology assets.

Question 10

An effective security policy must carefully balance two key elements, _____.

Answer 10

trust and control

Question 11

A security policy attempts to provide a balance between ____

Answer 11

no trust and too much trust.

Question 12

The appropriate level of control is determined by the ____

Answer 12

security needs and the culture of the organization.

Question 13

A ___] is a collection of requirements specific to the system or procedure that must be met by everyone

Answer 13

standard

Question 14

_____ is a collection of suggestions that should be implemented.

Answer 14

Guideline

Question 15

A ____ is a document that outlines specific requirements or rules that must be met, and is the correct means to be used for establishing security.

Answer 15

policy

Question 16

Most organizations follow a three-phase cycle in the development and maintenance of a security policy. The first phase is a _____; the second phase is to use the _____ to ____. The final phase is to ____

Answer 16

risk management study
risk management study/ develop the policy
review the policy for compliance.

Question 17

An ___ defines the actions users may perform while accessing systems and networking equipment.

Answer 17

acceptable use policy (AUP)

Question 18

Because privacy is of growing concern, many organizations have a ____that outlines how the organization uses information it collects.

Answer 18

privacy policy

Question 19

Policies of the organization that address security as it relates to human resources are known as ____.

Answer 19

security-related human resource policies

Question 20

A ____addresses how passwords are created and managed.

Answer 20

password management and complexity policy

Question 21

A ____ addresses how to dispose of confidential resources. This policy often covers how long records and data will be retained.

Answer 21

disposal and destruction policy

Question 22

A _____ produces a standardized framework for classifying information assets.

Answer 22

classification of information policy

Question 23

An —- is a written code of conduct intended to be a central guide and reference for employees in support of day-to-day decision making.

Answer 23

ethics policy

Question 24

To provide users with the knowledge and skills necessary to support information security, users need to receive ongoing ____

Answer 24

awareness and training.

Question 25

_____ involve instruction regarding compliance, secure user practices, and an awareness of threats. There are also techniques that should be considered to make the training informative and useful.

Answer 25

Awareness and training

Question 26

____ A policy that defines the actions users may perform while accessing systems and networking equipment.

Answer 26

acceptable use policy (AUP)

Question 27

A methodology for making modifications to a system and keeping track of those changes.

Answer 27

change management

Question 28

The “framework” and functions required to enable incident response and incident handling within an organization.

Answer 28

incident management

Question 29

A network that does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network.

Answer 29

peer-to-peer (P2P) network

Question 30

A policy that outlines how the organization uses personal information it collects.

Answer 30

privacy policy

Question 31

A written document that states how an organization plans to protect the company’s information technology assets.

Answer 31

security policy

Question 32

Grouping individuals and organizations into clusters or groups based on a like affiliation.

Answer 32

social networking

Question 33

Web sites that facilitate linking individuals with common interests like hobbies, religion, politics, or school or work contacts.

Answer 33

social networking sites