Deck 15: It Security Controls,plans,and Procedures

Water damage protection is included in security controls.

Controls may vary in size and complexity in relation to the
organization employing them.

Detection and recovery controls provide a means to restore lost
computing resources.

The selection of recommended controls is not guided by legal
requirements.

Physical access or environmental controls are only relevant to areas
housing the relevant equipment.

Operational controls range from simple to complex measures that work
together to secure critical and sensitive data,information,and IT systems functions.

To ensure that a suitable level of security is maintained,management
must follow up the implementation with an evaluation of the effectiveness of the security controls.

The IT security management process ends with the implementation of
controls and the training of personnel.

Appropriate security awareness training for all personnel in an
organization,along with specific training relating to particular systems and controls,is an essential component in implementing controls.

The recommended controls need to be compatible with the
organization's systems and policies.

Management controls refer to issues that management needs to address.

It is likely that the organization will not have the resources to
implement all the recommended controls.

The implementation phase comprises not only the direct
implementation of the controls,but also the associated training and general security awareness programs for the organization.

All controls are applicable to all technologies.

Once in place controls cannot be adjusted,regardless of the results of
risk assessment of systems in the organization.

_______ management is the process used to review proposed changes to systems for implications on the organization's systems and use.

A _________ on an organization's IT systems identifies areas needing treatment.

______ checking is an audit process to review the organization's security processes.

________ is a means of managing risk,including policies,procedures,guidelines,practices,or organizational structures.

_______ management is concerned with specifically keeping track of the configuration of each system in use and the changes made to each.

The _________ controls focus on the response to a security breach,by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources.

________ controls involve the correct use of hardware and software security capabilities in systems.

The three steps for IT security management controls and implementation are: prioritize risks,respond to risks,and __________ .

The _______ plan documents what needs to be done for each selected control,along with the personnel responsible,and the resources and time frame to be used.

When the implementation is successfully completed,_______ needs to authorize the system for operational use.

Controls can be classified as belonging to one of the following classes: management controls,operational controls,technical controls,detection and recovery controls,preventative controls,and _______ controls.

The ________ audit process should be conducted on new IT systems and services once they are implanted;and on existing systems periodically,often as part of a wider,general audit of the organization or whenever changes are made to the organization's security policy.

Incident response is part of the ________ class of security controls.

Contingency planning falls into the _________ class of security controls.

_________ controls focus on preventing security beaches from occurring by inhibiting attempts to violate security policies or exploit a vulnerability.