Audits serve to verify that the security protections enacted by an organization are being followed and that corrective actions can be swiftly implemented before an attacker exploits a vulnerability. |
True |
The first phase of the security policy cycle involves a vulnerability assessment. |
True |
What may be defined as the components required to identify, analyze, and contain an incident? |
Incident response |
What kind of learners learn from taking notes, being at the front of the class, and watching presentations? |
Visual |
Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment? |
Acceptable use policies |
Most organizations follow a three-phase cycle in the development and maintenance of a security policy. |
True |
What concept below is at the very heart of information security? |
risk |
What kind of policy outlines how an organization uses the personal information it collects? |
privacy |
A person’s fundamental beliefs and principles, which are used to define what is good, and how to distinguish right from wrong, are collectively called a person’s: |
Values |
The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the users. |
true |
What are values that are attributed to a system of beliefs that help the individual distinguish right from wrong called? |
Morals |
A due process policy is a policy that defines the actions users may perform while accessing systems and networking equipment. |
False |
Which type of network below uses a direct connection between users, and involves each device simultaneously acting as a client and a server? |
P2P |
What type of learner tends to sit in the middle of the class and learns best through lectures and discussions? |
Auditory |
Select below the option that best describes a policy: |
A document that outlines specific requirements or rules that must be met |
Websites that group individuals and organizations into clusters or groups based on some sort of affiliation are considered to be what type of websites? |
social networking |
What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization? |
Incident management |
Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes? |
change management team |
What is the most common type of P2P network? |
BitTorrent |
A collection of suggestions that should be implemented are referred to as a: |
guideline |
The "framework" and functions required to enable incident response and incident handling within an organization |
Incident management |
Risk control type that covers the operational procedures to limit risk. |
Operational Risk Control Type |
A risk control type that involves using technology to control risk |
Technical risk control type |
A methodology for making modifications to a system and keeping track of those changes. |
Change Management |
The expected monetary loss every time a risk occurs. |
Single Loss Expectancy (SLE) |
A security policy that outlines how the organization uses personal information it collects. |
privacy policy |
An event that in the beginning is considered to be a risk yet turns out to not be one. |
False positive |
A policy that defines the actions users may perform while accessing systems and networking equipment |
Acceptable use policy |
A network that does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network. |
Peer-to-peer Network |
An event that does not appear to be a risk but actually turns out to be one. |
False negative |
security chapter 14