Exam 4: Information Security Policy
In the modular approach to creating the ISSP, each of the modules is created and updated by the individuals who are responsible for a specific issue.
(True/False)
An organization may include a set of disclaimers in the ____ section of the ISSP.
(Multiple Choice)
The ____________________ layer is the place where threats from public networks meet the organization's networking infrastructure in the bull's-eye model.
(Short Answer)
The Prohibited Usage of Equipment section of the ISSP specifies the penalties and repercussions of violating the usage and systems management policies. _________________________
(True/False)
To ensure ____, an organization must demonstrate that it is continuously attempting to meet the requirements of the market in which it operates.
(Multiple Choice)
A detailed outline of the scope of the policy development project is created during the ____ phase of the SecSDLC.
(Multiple Choice)
For most corporate documents, a score of ____ is preferred as a Flesch-Kincaid Grade Level score.
(Multiple Choice)
Which of the following would not necessarily be a good reference or resource in writing good policy documents from scratch?
(Multiple Choice)
The three types of information security policies include enterprise information security program policy, issue-specific security policies, and ____________________ security policies.
(Short Answer)
When more than two audiences are to be addressed by separate policy documents, it is recommended that a(n) ____________________ be prepared before actually writing the first draft policy documents.
(Short Answer)
According to Confucius, "Tell me, and I forget; show me, and I remember; let me do and I ____."
(Multiple Choice)
A(n) ____________________ screen is an acknowledgment screen that does not require any unusual action on the part of the user to move past the screen.
(Short Answer)
A policy should be "signed into law" by a high-level manager before the collection and review of employee input.
(True/False)
Information security is defined in the ____ component of an EISP.
(Multiple Choice)
Access control lists can be used to control access to file storage systems.
(True/False)
A risk assessment is performed during the ____ phase of the SecSDLC.
(Multiple Choice)
Policies must also specify the penalties for unacceptable behavior and define a(n) ____.
(Multiple Choice)
Typically, the information security policy administrator is ____.
(Multiple Choice)
Showing 21 - 40 of 133