Exam 4: Information Security Policy

Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14?

What is the final component of the design and implementation of effective policies?Describe this component.

A section of policy that should specify users' and systems administrators' responsibilities.

A(n)____________________,which is usually presented on a screen to the user during software installation,spells out fair and responsible use of the software being installed.

According to NIST SP 800-18,Rev.1,whichindividual is responsible for the creation,revision,distribution,and storage of the policy?

What are configuration rules?Provide examples.

An organizational policy that provides detailed,targetedguidance to instruct all members of the organization in the use of a resource,such as one of itsprocesses or technologies.

Examples of actions that illustrate compliance with policies are known as laws.

In the bull's-eye model,the ____________________ layer is the place where threats from public networks meet the organization's networking infrastructure.

What is a SysSP and what is one likely to include?

The three types of information security policies include the enterprise information security policy,the issue-specific security policy,and the ____________________ security policy.

Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?

List the major components of the ISSP.

The 'Authorized Uses' section of an ISSP specifies what the identified technology cannot be used for.

A detailed outline of the scope of the policy development project is created during which phase of the SecSDLC?

Technology is the essential foundation of an effective information security program​._____________