Exam 11: Wireless Security Policy

The risks for the least important assets should be reduced first.

____ is the process of tracking the assets.

The proper development of a security policy is accomplished through what is called the ____.

A ____ is a document that outlines specific requirements or rules that must be met.

The ALE is calculated by multiplying the SLE by the ____________________.

The ____ is the expected monetary loss every time a risk occurs.

If policies are too restrictive or too hard to implement and comply with, they will either be ignored or people will find a way to circumvent the controls in the policies.

The main purpose of an ethics code is to state the values, principles, and ideals that each member of an organization must agree to.

What are the options faced by an organization when confronted with a risk?

What are some of the principles that are involved for good compliance monitoring and evaluation?

Why is it critical to have users "buy in" to the policy and willingly follow it?

____ is defined as the obligations that are imposed on owners and operators of assets to exercise reasonable care of the assets and take necessary precautions to protect them.

A(n) ____ involves determining the damage that would result from an attack and the likelihood that a vulnerability is a risk to the organization.

Briefly describe the areas that should be considered when creating an incident response team (IRT).

Many organizations now enforce a(n) ____ policy to address accessing public hotspots.

What are the layers of information security?

What are the three models of trust?

The SLE is computed by multiplying the value of the asset (Asset Value or AV) by the ____________________.

The best approach to creating a security policy is for a member of the IT staff to create the document in a few days with little or no input from other individuals.