PRIN INFO SEC CH4

A(n) ________ plan is a plan for the organization’s intended strategic efforts over the next several years

The goals of information security governance include all but which of the following?

Standards may be published, scrutinized, and ratified by a group, as in formal or ________standards

The ________is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.

________often function as standards or procedures to be used when configuring or maintaining systems

A security ________ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.

The stated purpose of ISO/IEC 27002 is to “offer guidelines and voluntary directions for information security __________."

When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security

In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework that intends to allow organization to __________.

__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection

__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.

_______ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

_________ controls address personnel security, physical security, and the protection of production inputs and

Security __________ are the areas of trust within which users can freely communicate.

The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees

Question 22 2 / 2 points A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.

Incident _________ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.

RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.

A ____ site provides only rudimentary services and facilities