Exam 15: It Security Controls,plans,and Procedures

Physical access or environmental controls are only relevant to areas housing the relevant equipment.

An IT security ________ helps to reduce risks.

Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.

Management controls refer to issues that management needs to address.

A contingency plan for systems critical to a large organization would be _________ than that for a small business.

______ checking is an audit process to review the organization's security processes.

________ controls involve the correct use of hardware and software security capabilities in systems.

_______ management is concerned with specifically keeping track of the configuration of each system in use and the changes made to each.

_________ controls focus on preventing security beaches from occurring by inhibiting attempts to violate security policies or exploit a vulnerability.

To ensure that a suitable level of security is maintained,management must follow up the implementation with an evaluation of the effectiveness of the security controls.

The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.

All controls are applicable to all technologies.

_______ controls focus on security policies,planning,guidelines,and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization's mission.

It is likely that the organization will not have the resources to implement all the recommended controls.

The three steps for IT security management controls and implementation are: prioritize risks,respond to risks,and __________ .

Operational controls range from simple to complex measures that work together to secure critical and sensitive data,information,and IT systems functions.

________ is a means of managing risk,including policies,procedures,guidelines,practices,or organizational structures.

Maintenance of security controls,security compliance checking,change and configuration management,and incident handling are all included in the follow-up stage of the _________ process.

The follow-up stage of the management process includes _________.

Contingency planning falls into the _________ class of security controls.