PRIN INFO SEC CH4
A(n) ________ plan is a plan for the organization’s intended strategic efforts over the next several years
STANDARD
OPERATIONAL
TACTICAL
STRATEGIC
The goals of information security governance include all but which of the following?
Regulatory compliance by using information security knowledge and infrastructure to support minimum standards of due care
Strategic alignment of information security with business strategy to support organizational objectives
Risk management by executing appropriate measures to manage and mitigate threats to information resources
Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
Standards may be published, scrutinized, and ratified by a group, as in formal or ________standards
DE FORMALE
DE PUBLIC
DE JURE
DE FACTO
The ________is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
SYSSP
EISP
GSP
ISSP
________often function as standards or procedures to be used when configuring or maintaining systems
ESSPs
EISPs
ISSPs
SysSPs
A security ________ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
PLAN
FRAMEWORK
MODEL
POLICY
The stated purpose of ISO/IEC 27002 is to “offer guidelines and voluntary directions for information security __________."
IMPLEMENTATION
CERTIFICATION
MANAGEMENT
ACCREDITATION
When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems
The standard lacked the measurement precision associated with a technical standard.
It was not as complete as other frameworks.
The standard was hurriedly prepared given the tremendous impact its adoption could have on industry information security controls
The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security
PLAN
STANDARD
POLICY
BLUEPRINT
In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework that intends to allow organization to __________.
Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process
Assess progress toward a recommended target state
Communicate among local, state and national agencies about cybersecurity risk
None of these
__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection
NETWORKING
PROXY
DEFENSE IN DEPTH
BEST EFFORT
__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.
FIREWALLING
HOSTING
REDUNDANCY
DOMAINING
The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.
TECHNOLOGY
INTERNET
PEOPLE
OPERATIONAL
_______ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
MANAGERIAL
TECHNICAL
OPERATIONAL
INFORMATIONAL
_________ controls address personnel security, physical security, and the protection of production inputs and
INFORMATIONAL
OPERATIONAL
TECHNICAL
MANAGERIAL
Security __________ are the areas of trust within which users can freely communicate.
PERIMETERS
DOMAINS
RECTANGLES
LAYERS
The SETA program is a control measure designed to reduce the instances of __________ security breaches by employees
INTENTIONAL
EXTERNAL
ACCIDENTAL
PHYSICAL
Question 22 2 / 2 points A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.
EMERGENCY NOTIFICATION SYSTEM
ALERT ROSTER
PHONE LIST
CALL REGISTER
Incident _________ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
DAMAGE ASSESSMENT
CONTAINMENT STRATEGY
INCIDENT RESPONSE
DISASTER ASSESSMENT
RAID is an acronym for a __________ array of independent disk drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.
REPLICATED
RESISTANT
RANDOM
REDUNDANT
The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.
OFF-SITE STORAGE
REMOTE JOURNALING
ELECTRONIC VAULTING
DATABASE SHADOWING
A ____ site provides only rudimentary services and facilities
COMMERCIAL
WARM
HOT
COLD
{"name":"PRIN INFO SEC CH4", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"A(n) ________ plan is a plan for the organization’s intended strategic efforts over the next several years, The goals of information security governance include all but which of the following?, Standards may be published, scrutinized, and ratified by a group, as in formal or ________standards","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}
More Quizzes
What's your MurLarketype? Take this quiz and find out.
940
Mechanical properties
1160
Plural of nouns
10510
Tema 2
14717
CH.8 REVIEW
1050
Law
320
Grunnleggende Kubernetes
740
Kürtmüsün
210
Sports and likeing
320
Astronomy
1050
Welcome to the third edition of the Student Wellness Outreach Trivia.
10525
Food Quality Assurance and ISO
630