PRIN INFO SEC CH4

A(n) ________ plan is a plan for the organization’s intended strategic efforts over the next several years

STANDARD

OPERATIONAL

TACTICAL

STRATEGIC

The goals of information security governance include all but which of the following?

Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care

Strategic alignment of information security with business strategy to support organizational objectives

Risk management by executing appropriate measures to manage and mitigate threats to information resources

Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved

Standards may be published, scrutinized, and ratified by a group, as in formal or ________standards

DE FORMALE

DE PUBLIC

DE JURE

DE FACTO

The ________is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.

SYSSP

EISP

GSP

ISSP

________often function as standards or procedures to be used when configuring or maintaining systems

ESSPs

EISPs

ISSPs

SysSPs

A security ________ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.

PLAN

FRAMEWORK

MODEL

POLICY

The stated purpose of ISO/IEC 27002 is to “offer guidelines and voluntary directions for information security __________."

IMPLEMENTATION

CERTIFICATION

MANAGEMENT

ACCREDITATION

When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems

The standard lacked the measurement precision associated with a technical standard.

It was not as complete as other frameworks.

The standard was hurriedly prepared given the tremendous impact its adoption could have on industry information security controls

The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security

PLAN

STANDARD

POLICY

BLUEPRINT

In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework that intends to allow organization to __________.

Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process

Assess progress toward a recommended target state

Communicate among local, state and national agencies about cybersecurity risk

None of these

__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection

NETWORKING

PROXY

DEFENSE IN DEPTH

BEST EFFORT

__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.

FIREWALLING

HOSTING

REDUNDANCY

DOMAINING

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.

TECHNOLOGY

INTERNET

PEOPLE

OPERATIONAL

_______ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

MANAGERIAL

TECHNICAL

OPERATIONAL

INFORMATIONAL

_________ controls address personnel security, physical security, and the protection of production inputs and

INFORMATIONAL

OPERATIONAL

TECHNICAL

MANAGERIAL

The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees

INTENTIONAL

EXTERNAL

ACCIDENTAL

PHYSICAL

Question 22 2 / 2 points A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.

EMERGENCY NOTIFICATION SYSTEM

ALERT ROSTER

PHONE LIST

CALL REGISTER

Incident _________ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.

DAMAGE ASSESSMENT

CONTAINMENT STRATEGY

INCIDENT RESPONSE

DISASTER ASSESSMENT

RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.

REPLICATED

RESISTANT

RANDOM

REDUNDANT

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.

OFF-SITE STORAGE

REMOTE JOURNALING

ELECTRONIC VAULTING

DATABASE SHADOWING

PRIN INFO SEC CH4

More Quizzes