Deck 9: Information Security

Question
The term that refers to a formal written document that spells out in detail the actions to be taken in the event that there is a disruption, or threat of disruption, in any part of the firm's computing operation is referred to as a(n):

A)contingency plan.
B)emergency plan.
C)vital records plan.
D)backup plan.
Answer: A
Question
Which type of control is built into systems by the system developers during the system development life cycle?

A)formal control
B)informal control
C)technical control
D)access control
Answer: C
Question
When the database and software library are made available to persons not entitled to have access, the type of information security risk is:

A)unauthorized destruction and denial of service.
B)unauthorized use.
C)unauthorized disclosure and theft.
D)unauthorized modification.
Answer: C
Question
When the impact severity is classified as significant and the vulnerability is judged to be medium, what should happen to controls?

A)Controls should be improved.
B)Controls should be kept intact.
C)Controls must be improved.
D)Nothing should happen.
Question
Which statement based on a survey by the Computer Security Institute is false?

A)Employees commit 81% of computer crimes.
B)Controls that are put in place to address external threats typically go into action when an effort to breach security is detected.
C)Forty-nine percent of the respondents faced security incidents brought on by actions of legitimate users.
D)External threats are considered to present potentially more serious damage than do internal threats.
Question
The type of threat whereby the user distributes it as a utility and when used, produces unwanted changes in the system's functionality is called:

A)malicious software.
B)a Trojan horse.
C)a virus.
D)a worm.
Question
Which of the following set of guidelines places emphasis on the rationale for establishing a security policy and is a product of the U.S. National Research Council?

A)COBIT
B)GMITS
C)GASSP
D)ISF Standard of Good Practice
Question
The type of firewall that allows a higher amount of authentication and filtering than does a router is referred to as a(n):

A)IP spoofing firewall.
B)application-level firewall.
C)circuit-level firewall.
D)packet-filtering firewall.
Question
Which type of information security risk can be caused by a hacker?

A)unauthorized modification
B)unauthorized disclosure and theft
C)unauthorized use
D)unauthorized destruction and denial of service
Question
When the impact severity can cause significant damage and cost but the firm will survive, it is classified as:

A)severe impact.
B)minor impact.
C)major impact.
D)significant impact.
Question
Which of the following is not part of the U.S. Government Internet Crime Legislation?

A)A penalty of 10 to 20 years imprisonment for attempting to cause injury by means of the Internet, and a penalty of life imprisonment if death occurs.
B)ISPs are exempt from liability if they report suspicions to the government that an Internet crime might be committed.
C)ISPs are required to maintain data about all communications events for one year.
D)The use of electronic surveillance tools for 48 hours pending authorization by courts to use such tools is permitted.
Question
Which one of the following is not a general practice that retailers should follow as identified by Visa?

A)Do not leave data or computers unsecured.
B)Destroy data when it is no longer needed.
C)Screen employees who have access to data.
D)Regularly test the security system.
Question
What acts as a filter and barrier that restricts the flow of data to and from the firm and the Internet?

A)spyware
B)firewall
C)virus protection software
D)access control file
Question
When all of the information systems should provide an accurate representation of the physical systems that they represent, the information security objective is:

A)integrity.
B)accuracy.
C)availability.
D)confidentiality.
Question
The certification that requires a completed exam, adherence to a code of ethics, and work experience in information security is the:

A)SysAdmin, Audit, Network, Security Certification.
B)Certification Information System Security Professional.
C)Certified Information Security Manager.
D)Global Information Assurance Certification.
Question
The organization that aims its certification at intrusion detection, firewall and perimeter protection, and operating system security is the:

A)SANS Institute.
B)Information Systems Audit and Control Association.
C)International Standards Organization.
D)International Information System Security Certification Consortium.
Question
The newer title for the information security officer that reports to the CEO and manages an information assurance unit is:

A)corporate information systems security officer.
B)information security management officer.
C)chief information officer.
D)corporate information assurance officer.
Question
Which of the following is the final section of the risk analysis report?

A)recommended action to address the risk
B)the owner(s) of the risk
C)what was done to mitigate the risk
D)recommended time frame for addressing the risk
Question
The set of guidelines that devotes considerable attention to the user behavior that is expected if the program is to be successful is named:

A)COBIT.
B)BSI IT Baseline Protection Manual.
C)ISF Standard of Good Practice.
D)United Kingdom's BS7799.
Question
The access control whereby users verify their right to access by providing something they have or something they are is referred to as:

A)user authorization.
B)user identification.
C)user profiles.
D)user authentication.
Question
Which type of control establishes codes of conduct, documentation of expected procedures and practices, and monitoring and preventing behavior that varies from the established guidelines?

A)formal control
B)informal control
C)access control
D)technical control
Question
The title of the person who has typically been responsible for the firm's information systems security is the:

A)information security management officer.
B)corporate information assurance officer.
C)chief information officer.
D)corporate information systems security officer.
Question
The term ____ is used to describe the protection of both computer and non-computer equipment, facilities, data, and information from misuse by unauthorized parties.
Question
Which one of the following is not an expected security-related practice for retailers that Visa has established?

A)Install and maintain a firewall.
B)Screen employees who have access to data.
C)Use and update antivirus software.
D)Encrypt stored data.
Question
Identification and authentication make use of ____.
Question
The term that refers to a plan that specifies those measures that ensure the safety of employees when disaster strikes is referred to as a(n):

A)backup plan.
B)vital records plan.
C)contingency plan.
D)emergency plan.
Question
The type of control that includes such activities as instilling the firm's ethical beliefs in its employees, ensuring an understanding of the firm's mission and objectives, education and training programs, and management development programs is referred to as:

A)informal control.
B)access control.
C)formal control.
D)technical control.
Question
When the firm seeks to protect its data and information from disclosure to unauthorized persons, the information security objective is:

A)availability.
B)accuracy.
C)integrity.
D)confidentiality.
Question
An ____ is a set of four numbers that uniquely identify each computer connected to the Internet.
Question
A ____ is a computer program that can replicate itself without being observable to the user and embed copies of itself in other programs and boot sectors.
Question
The ____ specifies those measures that ensure the safety of employees when disaster strikes.
Question
Which type of control is recognized as being the best bet for security?

A)cryptographic control
B)technical control
C)physical control
D)access control
Question
____ gathers data from the user's machine.
Question
Identification and authentication make use of ____, or descriptions of authorized users.
Question
A ____ ____ is a complete computing facility that is made available by a supplier to its customers for use in the event of emergencies.
Question
Which of the following is not a step in information security management?

A)Define the controls that the threats can impose.
B)Establish an information security policy.
C)Implement controls that address the risks.
D)Identify the threats that can attack the firm's information resources.
Question
In which phase of an information security policy would the project team consult with all interested and affected parties to determine the requirements of the new policy?

A)project initiation
B)policy development
C)policy dissemination
D)consultation and approval
Question
____ have been developed that consider such characteristics as the person's position in the firm, access to sensitive data, ability to alter hardware components, the types of applications used, the files owned, and the usage of certain network protocols.
Question
Which type of threat is a computer program that can replicate itself without being observable to the user, and embed copies of itself in other programs and boot sectors?

A)Trojan horse
B)virus
C)malware
D)worm
Question
The ____ is a recommended level of security that in normal circumstances should offer reasonable protection against unauthorized intrusion.
Question
With a Trojan horse, the distribution is accomplished by users who distribute it as a utility.
Question
Impact severity can be classified as having a major impact when breakdowns that are typical of day-to-day operations occur.
Question
An ____ is a potential undesirable outcome of a breach of information security by an information security threat.
Question
An information security risk is a person, organization, mechanism, or event that has potential to inflict harm on the firm's information resources.
Question
Authorization makes use of ____ that specify the levels of access available to each user.
Question
Internal threats are considered to present potentially more serious damage than do external threats due to the more intimate knowledge of the system by the internal threats.
Question
When backup service includes a hot site, only the building facilities but not the computing resources are provided.
Question
A control is a mechanism that is implemented to either protect the firm from risks or to minimize the impact of the risks on the firm should they occur.
Question
The activities aimed at continuing operations after an information system disruption are called ____.
Question
The information security objective of confidentiality means that the firm seeks to protect its data and information from disclosure to unauthorized persons.
Question
____ generates intrusive advertising messages.
Question
A packet-filtering firewall is the most effective type of firewall.
Question
Firms can enter into a reciprocal agreement with other users of the same type of equipment so that each firm can provide backup to the other in the event of a catastrophe.
Question
User authorization makes use of access control files that specify the levels of access available to each user.
Question
Formal controls include education and training programs and management development programs in the firm.
Question
The contingency plan specifies those measures that ensure the safety of employees when disaster strikes.
Question
____ are those that are built into systems by the system developers during the systems development life cycle.
Question
GASSP is a product of the International Standards Organization and it provides a list of the information security policy topics that should be included in an organization's standards.
Question
The International Standard Organization is a nonprofit organization dedicated to assist computer users with making their systems more secure.
Question
Cryptography is the use of coding by means of mathematical processes.
Question
The final step in writing a risk analysis report should be to document what has been done to mitigate the risk.
Question
The backup plan where hardware, software, and data are duplicated so that when one set is inoperable, the backup set can continue the processing is called redundancy.
Question
Who is the CIAO and to whom does he or she report?
Question
The SANS Institute offers certifications aimed at such specialties within information security as intrusion detection, firewalls and perimeter protection, and operating system security.
Question
Identify the four steps of information security management.
Question
Insider threat prediction tools have been developed that consider such characteristics as the person's position in the firm, access to sensitive data, ability to alter hardware components, the types of applications used, the files owned, and the usage of certain network protocols.
Question
The basis for security against threats by unauthorized persons is physical control.
Question
Unauthorized use occurs when persons who are not ordinarily entitled to use the firm's resources are able to do so.
Question
COBIT focuses on the process that a firm can follow in developing standards, paying special attention to the writing and maintaining of the documentation.
Question
The Computer Security Institute found that 49% of computer crimes are committed by employees.
Question
When a firm follows benchmark compliance, it is assumed that the government and industry authorities have done a good job of considering the threats and risks and that the benchmarks offer good protection.
Question
What are the 10 security-related practices that Visa expects its retailers to follow?
Question
The term systems security is used to describe the protection of both computer and noncomputer equipment, facilities, data, and information from misuse by unauthorized parties.
Question
Access controls are those built into systems by the system developers during the system development life cycle.
Question
List the five phases to developing a security policy.
Question
Information security management is the activity of keeping the firm and its information resources functional after a catastrophe.
Question
What are the three main objectives that information security is intended to achieve?
Question
The Certified Information Security Manager designation is the newest professional certification for security.
Question
When the level of impact is determined to be minor and the vulnerability is determined to be low, then vulnerability analysis is unnecessary.
Question
A virus is a complete program or segment of code that can invade a system and perform functions not intended by the system owners.
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/80
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 9: Information Security
1
The term that refers to a formal written document that spells out in detail the actions to be taken in the event that there is a disruption, or threat of disruption, in any part of the firm's computing operation is referred to as a(n):

A)contingency plan.
B)emergency plan.
C)vital records plan.
D)backup plan.
A
2
Which type of control is built into systems by the system developers during the system development life cycle?

A)formal control
B)informal control
C)technical control
D)access control
C
3
When the database and software library are made available to persons not entitled to have access, the type of information security risk is:

A)unauthorized destruction and denial of service.
B)unauthorized use.
C)unauthorized disclosure and theft.
D)unauthorized modification.
C
4
When the impact severity is classified as significant and the vulnerability is judged to be medium, what should happen to controls?

A)Controls should be improved.
B)Controls should be kept intact.
C)Controls must be improved.
D)Nothing should happen.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
5
Which statement based on a survey by the Computer Security Institute is false?

A)Employees commit 81% of computer crimes.
B)Controls that are put in place to address external threats typically go into action when an effort to breach security is detected.
C)Forty- nine percent of the respondents faced security incidents brought on by actions of legitimate users.
D)External threats are considered to present potentially more serious damage than do internal threats.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
6
The type of threat whereby the user distributes it as a utility and when used, produces unwanted changes in the system's functionality is called:

A)malicious software.
B)a Trojan horse.
C)a virus.
D)a worm.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
7
Which of the following set of guidelines places emphasis on the rationale for establishing a security policy and is a product of the U.S. National Research Council?

A)COBIT
B)GMITS
C)GASSP
D)ISF Standard of Good Practice
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
8
The type of firewall that allows a higher amount of authentication and filtering than does a router is referred to as a(n):

A)IP spoofing firewall.
B)application- level firewall.
C)circuit- level firewall.
D)packet- filtering firewall.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
9
Which type of information security risk can be caused by a hacker?

A)unauthorized modification
B)unauthorized disclosure and theft
C)unauthorized use
D)unauthorized destruction and denial of service
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
10
When the impact severity can cause significant damage and cost but the firm will survive, it is classified as:

A)severe impact.
B)minor impact.
C)major impact.
D)significant impact.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
11
Which of the following is not part of the U.S. Government Internet Crime Legislation?

A)A penalty of 10 to 20 years imprisonment for attempting to cause injury by means of the Internet, and a penalty of life imprisonment if death occurs.
B)ISPs are exempt from liability if they report suspicions to the government that an Internet crime might be committed.
C)ISPs are required to maintain data about all communications events for one year.
D)The use of electronic surveillance tools for 48 hours pending authorization by courts to use such tools is permitted.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
12
Which one of the following is not a general practice that retailers should follow as identified by Visa?

A)Do not leave data or computers unsecured.
B)Destroy data when it is no longer needed.
C)Screen employees who have access to data.
D)Regularly test the security system.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
13
What acts as a filter and barrier that restricts the flow of data to and from the firm and the Internet?

A)spyware
B)firewall
C)virus protection software
D)access control file
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
14
When all of the information systems should provide an accurate representation of the physical systems that they represent, the information security objective is:

A)integrity.
B)accuracy.
C)availability.
D)confidentiality.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
15
The certification that requires a completed exam, adherence to a code of ethics, and work experience in information security is the:

A)SysAdmin, Audit, Network, Security Certification.
B)Certification Information System Security Professional.
C)Certified Information Security Manager.
D)Global Information Assurance Certification.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
16
The organization that aims its certification at intrusion detection, firewall and perimeter protection, and operating system security is the:

A)SANS Institute.
B)Information Systems Audit and Control Association.
C)International Standards Organization.
D)International Information System Security Certification Consortium.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
17
The newer title for the information security officer that reports to the CEO and manages an information assurance unit is:

A)corporate information systems security officer.
B)information security management officer.
C)chief information officer.
D)corporate information assurance officer.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
18
Which of the following is the final section of the risk analysis report?

A)recommended action to address the risk
B)the owner(s)of the risk
C)what was done to mitigate the risk
D)recommended time frame for addressing the risk
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
19
The set of guidelines that devotes considerable attention to the user behavior that is expected if the program is to be successful is named:

A)COBIT.
B)BSI IT Baseline Protection Manual.
C)ISF Standard of Good Practice.
D)United Kingdom's BS7799.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
20
The access control whereby users verify their right to access by providing something they have or something they are is referred to as:

A)user authorization.
B)user identification.
C)user profiles.
D)user authentication.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
21
Which type of control establishes codes of conduct, documentation of expected procedures and practices, and monitoring and preventing behavior that varies from the established guidelines?

A)formal control
B)informal control
C)access control
D)technical control
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
22
The title of the person who has typically been responsible for the firm's information systems security is the:

A)information security management officer.
B)corporate information assurance officer.
C)chief information officer.
D)corporate information systems security officer.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
23
The term is used to describe the protection of both computer and non- computer equipment, facilities, data, and information from misuse by unauthorized parties.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
24
Which one of the following is not an expected security- related practice for retailers that Visa has established?

A)Install and maintain a firewall.
B)Screen employees who have access to data.
C)Use and update antivirus software.
D)Encrypt stored data.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
25
Identification and authentication make use of .
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
26
The term that refers to a plan that specifies those measures that ensure the safety of employees when disaster strikes is referred to as a(n):

A)backup plan.
B)vital records plan.
C)contingency plan.
D)emergency plan.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
27
The type of control that includes such activities as instilling the firm's ethical beliefs in its employees, ensuring an understanding of the firm's mission and objectives, education and training programs, and management development programs is referred to as:

A)informal control.
B)access control.
C)formal control.
D)technical control.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
28
When the firm seeks to protect its data and information from disclosure to unauthorized persons, the information security objective is:

A)availability.
B)accuracy.
C)integrity.
D)confidentiality.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
29
An _ is a set of four numbers that uniquely identify each computer connected to the Internet.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
30
A _ is a computer program that can replicate itself without being observable to the user and embed copies of itself in other programs and boot sectors.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
31
The specifies those measures that ensure the safety of employees when disaster strikes.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
32
Which type of control is recognized as being the best bet for security?

A)cryptographic control
B)technical control
C)physical control
D)access control
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
33
gathers data from the user's machine.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
34
Identification and authentication make use of , or descriptions of authorized users.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
35
A _ _ is a complete computing facility that is made available by a supplier to its customers for use in the event of emergencies.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
36
Which of the following is not a step in information security management?

A)Define the controls that the threats can impose.
B)Establish an information security policy.
C)Implement controls that address the risks.
D)Identify the threats that can attack the firm's information resources.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
37
In which phase of an information security policy would the project team consult with all interested and affected parties to determine the requirements of the new policy?

A)project initiation
B)policy development
C)policy dissemination
D)consultation and approval
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
38
have been developed that consider such characteristics as the person's position in the firm, access to sensitive data, ability to alter hardware components, the types of applications used, the files owned, and the usage of certain network protocols.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
39
Which type of threat is a computer program that can replicate itself without being observable to the user, and embed copies of itself in other programs and boot sectors?

A)Trojan horse
B)virus
C)malware
D)worm
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
40
The is a recommended level of security that in normal circumstances should offer reasonable protection against unauthorized intrusion.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
41
With a Trojan horse, the distribution is accomplished by users who distribute it as a utility.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
42
Impact severity can be classified as having a major impact when breakdowns that are typical of day- to- day operations occur.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
43
An is a potential undesirable outcome of a breach of information security by an information security threat.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
44
An information security risk is a person, organization, mechanism, or event that has potential to inflict harm on the firm's information resources.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
45
Authorization makes use of that specify the levels of access available to each user.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
46
Internal threats are considered to present potentially more serious damage than do external threats due to the more intimate knowledge of the system by the internal threats.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
47
When backup service includes a hot site, only the building facilities but not the computing resources are provided.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
48
A control is a mechanism that is implemented to either protect the firm from risks or to minimize the impact of the risks on the firm should they occur.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
49
The activities aimed at continuing operations after an information system disruption are called .
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
50
The information security objective of confidentiality means that the firm seeks to protect its data and information from disclosure to unauthorized persons.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
51
generates intrusive advertising messages.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
52
A packet- filtering firewall is the most effective type of firewall.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
53
Firms can enter into a reciprocal agreement with other users of the same type of equipment so that each firm can provide backup to the other in the event of a catastrophe.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
54
User authorization makes use of access control files that specify the levels of access available to each user.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
55
Formal controls include education and training programs and management development programs in the firm.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
56
The contingency plan specifies those measures that ensure the safety of employees when disaster strikes.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
57
are those that are built into systems by the system developers during the systems development life cycle.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
58
GASSP is a product of the International Standards Organization and it provides a list of the information security policy topics that should be included in an organization's standards.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
59
The International Standard Organization is a nonprofit organization dedicated to assist computer users with making their systems more secure.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
60
Cryptography is the use of coding by means of mathematical processes.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
61
The final step in writing a risk analysis report should be to document what has been done to mitigate the risk.
Unlock Deck
Unlock for access to all 80 flashcards in this deck.
Unlock Deck
k this deck
62
The backup plan where hardware, software, and data are duplicated so that when one set is inoperable, the backup set can continue the processing is called redundancy.
63
Who is the CIAO and to whom does he or she report?
64
The SANS Institute offers certifications aimed at such specialties within information security as intrusion detection, firewalls and perimeter protection, and operating system security.
65
Identify the four steps of information security management.
66
Insider threat prediction tools have been developed that consider such characteristics as the person's position in the firm, access to sensitive data, ability to alter hardware components, the types of applications used, the files owned, and the usage of certain network protocols.
67
The basis for security against threats by unauthorized persons is physical control.
68
Unauthorized use occurs when persons who are not ordinarily entitled to use the firm's resources are able to do so.
69
COBIT focuses on the process that a firm can follow in developing standards, paying special attention to the writing and maintaining of the documentation.
70
The Computer Security Institute found that 49% of computer crimes are committed by employees.
71
When a firm follows benchmark compliance, it is assumed that the government and industry authorities have done a good job of considering the threats and risks and that the benchmarks offer good protection.
72
What are the 10 security-related practices that Visa expects its retailers to follow?
73
The term systems security is used to describe the protection of both computer and noncomputer equipment, facilities, data, and information from misuse by unauthorized parties.
74
Access controls are those built into systems by the system developers during the system development life cycle.
75
List the five phases to developing a security policy.
76
Information security management is the activity of keeping the firm and its information resources functional after a catastrophe.
77
What are the three main objectives that information security is intended to achieve?
78
The Certified Information Security Manager designation is the newest professional certification for security.
79
When the level of impact is determined to be minor and the vulnerability is determined to be low, then vulnerability analysis is unnecessary.
80
A virus is a complete program or segment of code that can invade a system and perform functions not intended by the system owners.