Exam 4: Information Security Policy
Practices are built on sound policy and carry the weight of policy. _________________________
(True/False)
In the bull's-eye model, issues are addressed by moving from the general to the specific, always starting with policy. That is, the focus is on solutions instead of individual problems. _________________________
(True/False)
To be effective, policy must be uniformly applied to all employees, including executives.
(True/False)
Policies must note the existence of penalties for unacceptable behavior and define an appeals process.
(True/False)
A policy acknowledgment screen that does not require any unusual action on the part of the user to move past it is a ____.
(Multiple Choice)
Some policies incorporate a(n) sunset clause indicating a specific date the policy will expire. _________________________
(True/False)
One of the goals of an issue-specific security policy is to indemnify the organization against liability for an employee's inappropriate or illegal use of the system.
(True/False)
List the significant guidelines used in the formulation of effective information security policy.
(Essay)
The computers used in an organization are part of the ____________________ layer of the bull's-eye model.
(Short Answer)
In an organization, a(n) ____________________ security policy provides detailed, targeted guidance to instruct all the members in the use of technology-based systems.
(Short Answer)
The analysis phase of the SecSDLC in policy development should produce a new or recent risk assessment or IT audit documenting the current information security needs of the organization. _________________________
(True/False)
Configuration rules are configuration codes that guide the execution of a system when information is passing through it. _________________________
(True/False)
During the ____ phase of the SecSDLC, the information security policy is monitored, maintained, and modified as needed.
(Multiple Choice)
Policy servers code organization-specific policies in a special machine-readable language that then can be accessed by operating systems, access control packages, and network management systems. _________________________
(True/False)
A quality information security program begins and ends with ____________________.
(Short Answer)
A(n) capability table specifies which subjects and objects that users or groups can access. _________________________
(True/False)
During the ____ phase of the SecSDLC, the team must create a plan to distribute, and verify the distribution of, the policies.
(Multiple Choice)
Showing 41 - 60 of 133