Exam 15: IT Security Controls, Plans, and Procedures


Appropriate security awareness training for all personnel in an organization, along with specific training relating to particular systems and controls, is an essential component in implementing controls.

(True/False)

_________ is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner.

(Multiple Choice)

Controls can be classified as belonging to one of the following classes: management controls, operational controls, technical controls, detection and recovery controls, preventative controls, and _______ controls.

(Essay)

Periodically reviewing controls to verify that they still function as intended, upgrading controls when new requirements are discovered, ensuring that changes to systems do not adversely affect the controls, and ensuring new threats or vulnerabilities have not become known are all ________ tasks.

(Multiple Choice)

Incident response is part of the ________ class of security controls.

(Essay)

The _______ plan documents what needs to be done for each selected control, along with the personnel responsible, and the resources and time frame to be used.

(Essay)

Once in place, controls cannot be adjusted, regardless of the results of risk assessment of systems in the organization.

(True/False)

A _________ on an organization's IT systems identifies areas needing treatment.

(Essay)

The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.

(Multiple Choice)

The _________ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources.

(Essay)

The recommended controls need to be compatible with the organization's systems and policies.

(True/False)

When the implementation is successfully completed, _______ needs to authorize the system for operational use.

(Essay)

The IT security management process ends with the implementation of controls and the training of personnel.

(True/False)

Detection and recovery controls provide a means to restore lost computing resources.

(True/False)

The implementation phase comprises not only the direct implementation of the controls, but also the associated training and general security awareness programs for the organization.

(True/False)

Identification and authentication is part of the _______ class of security controls.

(Multiple Choice)

The implementation process is typically monitored by the organizational ______.

(Multiple Choice)

________ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies.

(Multiple Choice)

The ________ audit process should be conducted on new IT systems and services once they are implemented; and on existing systems periodically, often as part of a wider, general audit of the organization or whenever changes are made to the organization's security policy.

(Essay)

An IT security plan should include details of _________.

(Multiple Choice)