FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 4: Planning for Security

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

Multiple Choice

Review LaterAdd Note

Review Later

According to NIST SP 800-14's security principles, security should ________.

A)  support the mission of the organization
B)  require a comprehensive and integrated approach 
C)  be cost-effective
D)  All of the above

E) None of the above
F) A) and D)

Correct Answer

verified

Show Answer

Question 2

True/False

Review LaterAdd Note

Review Later

Technical controls are the tactical and technical implementations of security in the organization. _________________________

A) True
B) False

Correct Answer

verified

True

Question 3

Multiple Choice

Review LaterAdd Note

The ________is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.

A(n) differential backup only archives the files that have been modified that day, and thus requires less space and time than a full backup. _________________________

Implementing multiple types of technology and thereby precluding that the failure of one system will compromise the security of information is referred to as ____________________.

A disaster recovery plan shows the organization's intended efforts to restore operations at the original site in the aftermath of a disaster.

A(n) ____________________ plan ensures that critical business functions continue if a catastrophic incident or disaster occurs.

The stated purpose of ISO/IEC 27002 is to "offer guidelines and voluntary directions for information security __________." 

A(n) sequential roster is activated as the first person calls a few people on the roster, who in turn call a few other people. _________________________

_________ controls address personnel security, physical security, and the protection of production inputs and outputs.

ACLs are more specific to the operation of a system than rule-based policies and they may or may not deal with users directly.

To achieve defense in depth, an organization must establish multiple layers of security controls and safeguards.

The security model is the basis for the design, selection, and implementation of all security program elements, including policy implementation and ongoing policy and program management. _________________________

Good security programs begin and end with policy.

A(n) ____________________ is an adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization.

To remain viable, security policies must have a responsible individual, a schedule of reviews, a method for making recommendations for reviews, and policy issuance and planned revision dates.

Many organizations have policies that prohibit the installation of _________________________ tools without the written permission of the CISO.

A service bureau is an agency that provides a service for a fee. _________________________

A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.