Exam 6: Security Management Models
____ helps organizations comply with critical regulations like the Sarbanes-Oxley Act of 2002.
(Multiple Choice)
____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system, and include storage and timing channels.
(Short Answer)
TCSEC is also known as the "Orange Book" and is considered the cornerstone of the DoD Rainbow Series that defines the criteria for assessing the access controls in a computer system.
(True/False)
____ specifies the authorization classification of information assets an individual user is permitted to access, subject to the need-to-know principle.
(Multiple Choice)
Which of the following is not an element of the Clark-Wilson model?
(Multiple Choice)
ISO/IEC 17799 is designed to promote certification of information security management systems.
(True/False)
Under lattice-based access controls, the row of attributes associated with a particular subject (such as a user) is referred to as a(n) ____.
(Multiple Choice)
The NIST Security model documents enjoy two notable advantages over many other sources of security information: (1) they are publicly available at no charge, and (2) they have been available for some time and thus have been broadly reviewed by government and industry professionals.
(True/False)
A(n) ____ is a generic blueprint offered by a service organization.
(Multiple Choice)
The COSO framework component ____ provides the foundation of all internal control components.
(Multiple Choice)
When access to a specific set of information may be dependent on its subject matter, it is called ____.
(Multiple Choice)
An information security blueprint describes existing controls and identifies other necessary security controls.
(True/False)
____________________ controls remedy a circumstance or mitigate damage done during an incident.
(Short Answer)
There are two types of covert channels, storage channels and network channels.
(True/False)
____________________ is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.
(Short Answer)
Lattice-based access control assigns users a matrix of authorizations for particular areas of access.
(True/False)
Under TCSEC, the ____ is the combination of all hardware, firmware, and software responsible for enforcing the security policy.
(Multiple Choice)
____ access controls are determined by a central authority and can be based on roles or tasks.
(Multiple Choice)
Compensating controls remedy a circumstance or mitigate damage done during an incident.
(True/False)