Exam 4: Information Security Policy
According to Charles Cresson Wood "policies are important reference documents for internal ____ and for the resolution of legal disputes about management's due diligence; policy documents can act as a clear statement of management's intent".
(Multiple Choice)
The ____ component of an EISP defines the organizational structure designed to support information security within the organization.
(Multiple Choice)
To ensure due diligence an organization must demonstrate that it is continuously attempting to meet the requirements of the market in which it operates. _________________________
(True/False)
An individual approach to creating the ISSPs is well controlled by centrally managed procedures assuring complete topic coverage.
(True/False)
In some organizations, that which is not permitted is ____________________ while in other organizations, the reverse is true.
(Short Answer)
If an organization wants to prohibit the criminal use of the organization's information systems, it should do so in the Systems Management section of the ISSP. _________________________
(True/False)
Practices, procedures, and ____________________ consist of detailed steps that must meet the requirements of standards.
(Short Answer)
For policies to be effective, they must first be developed using generally-accepted practices. _________________________
(True/False)
A ____ specifies which subjects and objects users or groups can access.
(Multiple Choice)
The ISSP is not a binding agreement between the organization and its members.
(True/False)
A quality information security program begins and ends with policy.
(True/False)
Access control lists can only be used to restrict access according to the user.
(True/False)
A(n) individual approach to creating the ISSPs can suffer from poor policy dissemination, enforcement, and review. _________________________
(True/False)
The information security policy is written during the ____ phase of the SecSDLC.
(Multiple Choice)
____________________ include the user access lists, matrices, and capability tables that govern the rights and privileges of users.
(Short Answer)
Users have the right to use an organization's information systems to browse the Web, even if this right is not specified in the ISSP.
(True/False)
To be certain that employees understand the policy, the document must be written at a reasonable reading level with minimal ____.
(Multiple Choice)
A ____ is a more detailed statement identifying a measurement of behavior and specifies what must be done to comply with a policy.
(Multiple Choice)
A(n) ____________________ issue-specific security policy document unifies policy creation and administration, while maintaining each specific issue's requirements.
(Short Answer)