Exam 4: Information Security Policy
Exam 1: Introduction to the Management of Information Security139 Questions
Exam 2: Planning for Security123 Questions
Exam 3: Planning for Contingencies114 Questions
Exam 4: Information Security Policy133 Questions
Exam 5: Developing the Security Program133 Questions
Exam 6: Security Management Models120 Questions
Exam 7: Security Management Practices114 Questions
Exam 8: Risk Management: Identifying and Assessing Risk78 Questions
Exam 9: Risk Management: Controlling Risk105 Questions
Exam 10: Protection Mechanisms133 Questions
Exam 11: Personnel and Security133 Questions
Exam 12: Law and Ethics113 Questions
Select questions type
In order to avoid reprisal or retaliation against employees, reporting of violations of policy should be set up to be ____________________.
(Short Answer)
Configuration codes entered into security systems to guide the execution of the system when information is passing through it are called ____.
(Multiple Choice)
A disadvantage of creating a number of independent ISSP documents is that the result may ____.
(Multiple Choice)
Granularity is the level of specificity and detail with which administrators can control access to their systems. _________________________
(True/False)
The ISSP sections Authorized Access and Usage of Equipment and Prohibited Usage of Equipment may be combined into a section called ____.
(Multiple Choice)
A(n) standard is a more detailed statement of what must be done to comply with a policy. _________________________
(True/False)
The ____ layer is the outermost layer of the bull's-eye model, hence the first to be assessed for marginal improvement.
(Multiple Choice)
Which of the following is a type of information security policy that deals with the entirety of an organization's information security efforts?
(Multiple Choice)
The responsibilities of both the users and the systems administrators with regard to specific technology rules should be specified in the ____________________ section of the ISSP.
(Short Answer)
If multiple audiences exist for information security policies, different documents must be created for each audience.
(True/False)
____ comprise a set of rules that dictates acceptable and unacceptable behavior within an organization.
(Multiple Choice)
Which of the following is NOT a guideline that may help in the formulation of information technology (IT) policy as well as information security policy?
(Multiple Choice)
Unless a policy actually reaches the end users, it cannot be enforced.
(True/False)
A(n) enterprise information security policy is a type of information security policy that provides detailed, targeted guidance to instruct all members of the organization in the use of technology-based systems. _________________________
(True/False)
A disadvantage of creating a single comprehensive ISSP document is that such a document ____.
(Multiple Choice)
Which of the following is true about information security policy?
(Multiple Choice)