Deck 15: It Security Controls,plans,and Procedures
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/45
Play
Full screen (f)
Deck 15: It Security Controls,plans,and Procedures
1
_______ controls are pervasive,generic,underlying technical IT security capabilities that are interrelated with,and used by,many other controls.
A)Preventative
B)Supportive
C)Operational
D)Detection and recovery
A)Preventative
B)Supportive
C)Operational
D)Detection and recovery
B
2
Water damage protection is included in security controls.
True
3
Controls may vary in size and complexity in relation to the
organization employing them.
organization employing them.
True
4
Detection and recovery controls provide a means to restore lost
computing resources.
computing resources.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
5
_________ is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner.
A)Configuration management control
B)IT security management
C)Detection and recovery control
D)Security compliance
A)Configuration management control
B)IT security management
C)Detection and recovery control
D)Security compliance
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
6
The selection of recommended controls is not guided by legal
requirements.
requirements.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
7
Physical access or environmental controls are only relevant to areas
housing the relevant equipment.
housing the relevant equipment.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
8
Operational controls range from simple to complex measures that work
together to secure critical and sensitive data,information,and IT systems functions.
together to secure critical and sensitive data,information,and IT systems functions.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
9
To ensure that a suitable level of security is maintained,management
must follow up the implementation with an evaluation of the effectiveness of the security controls.
must follow up the implementation with an evaluation of the effectiveness of the security controls.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
10
The IT security management process ends with the implementation of
controls and the training of personnel.
controls and the training of personnel.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
11
An IT security ________ helps to reduce risks.
A)control
B)safeguard
C)countermeasure
D)all of the above
A)control
B)safeguard
C)countermeasure
D)all of the above
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
12
Appropriate security awareness training for all personnel in an
organization,along with specific training relating to particular systems and controls,is an essential component in implementing controls.
organization,along with specific training relating to particular systems and controls,is an essential component in implementing controls.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
13
_______ controls focus on security policies,planning,guidelines,and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization's mission.
A)Management
B)Technical
C)Preventative
D)Supportive
A)Management
B)Technical
C)Preventative
D)Supportive
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
14
The recommended controls need to be compatible with the
organization's systems and policies.
organization's systems and policies.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
15
Management controls refer to issues that management needs to address.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
16
It is likely that the organization will not have the resources to
implement all the recommended controls.
implement all the recommended controls.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
17
The implementation phase comprises not only the direct
implementation of the controls,but also the associated training and general security awareness programs for the organization.
implementation of the controls,but also the associated training and general security awareness programs for the organization.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
18
All controls are applicable to all technologies.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
19
________ controls focus on the response to a security breach,by warning of violations or attempted violations of security policies.
A)Technical
B)Preventative
C)Detection and recovery
D)Management
A)Technical
B)Preventative
C)Detection and recovery
D)Management
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
20
Once in place controls cannot be adjusted,regardless of the results of
risk assessment of systems in the organization.
risk assessment of systems in the organization.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
21
_______ management is the process used to review proposed changes to systems for implications on the organization's systems and use.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
22
An IT security plan should include details of _________.
A)risks
B)recommended controls
C)responsible personnel
D)all of the above
A)risks
B)recommended controls
C)responsible personnel
D)all of the above
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
23
Identification and authentication is part of the _______ class of security controls.
A)technical
B)operational
C)management
D)none of the above
A)technical
B)operational
C)management
D)none of the above
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
24
A _________ on an organization's IT systems identifies areas needing treatment.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
25
______ checking is an audit process to review the organization's security processes.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
26
The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.
A)asset management
B)business continuity management
C)information security incident management
D)physical and environmental security
A)asset management
B)business continuity management
C)information security incident management
D)physical and environmental security
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
27
________ is a means of managing risk,including policies,procedures,guidelines,practices,or organizational structures.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
28
The objective of the ________ control category is to avoid breaches of any law,statutory,regulatory,or contractual obligations,and of any security requirements.
A)access
B)asset management
C)compliance
D)business continuity management
A)access
B)asset management
C)compliance
D)business continuity management
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
29
Periodically reviewing controls to verify that they still function as intended,upgrading controls when new requirements are discovered,ensuring that changes to systems do not adversely affect the controls,and ensuring new threats or vulnerabilities have not become known are all ________ tasks.
A)security compliance
B)maintenance
C)incident handling
D)program management
A)security compliance
B)maintenance
C)incident handling
D)program management
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
30
_______ management is concerned with specifically keeping track of the configuration of each system in use and the changes made to each.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
31
The _________ controls focus on the response to a security breach,by warning of violations or attempted violations of security policies or the identified exploit of a vulnerability and by providing means to restore the resulting lost computing resources.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
32
________ controls involve the correct use of hardware and software security capabilities in systems.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
33
A contingency plan for systems critical to a large organization would be _________ than that for a small business.
A)smaller,less detailed
B)larger,less detailed
C)larger,more detailed
D)smaller,more detailed
A)smaller,less detailed
B)larger,less detailed
C)larger,more detailed
D)smaller,more detailed
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
34
The follow-up stage of the management process includes _________.
A)maintenance of security controls
B)security compliance checking
C)incident handling
D)all of the above
A)maintenance of security controls
B)security compliance checking
C)incident handling
D)all of the above
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
35
The three steps for IT security management controls and implementation are: prioritize risks,respond to risks,and __________ .
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
36
The implementation process is typically monitored by the organizational ______.
A)security officer
B)general counsel
C)technology officer
D)human resources
A)security officer
B)general counsel
C)technology officer
D)human resources
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
37
Maintenance of security controls,security compliance checking,change and configuration management,and incident handling are all included in the follow-up stage of the _________ process.
A)management
B)security awareness and training
C)maintenance
D)all of the above
A)management
B)security awareness and training
C)maintenance
D)all of the above
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
38
The _______ plan documents what needs to be done for each selected control,along with the personnel responsible,and the resources and time frame to be used.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
39
When the implementation is successfully completed,_______ needs to authorize the system for operational use.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
40
Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources.
A)cost analysis
B)cost-benefit analysis
C)benefit analysis
D)none of the above
A)cost analysis
B)cost-benefit analysis
C)benefit analysis
D)none of the above
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
41
Controls can be classified as belonging to one of the following classes: management controls,operational controls,technical controls,detection and recovery controls,preventative controls,and _______ controls.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
42
The ________ audit process should be conducted on new IT systems and services once they are implanted;and on existing systems periodically,often as part of a wider,general audit of the organization or whenever changes are made to the organization's security policy.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
43
Incident response is part of the ________ class of security controls.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
44
Contingency planning falls into the _________ class of security controls.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck
45
_________ controls focus on preventing security beaches from occurring by inhibiting attempts to violate security policies or exploit a vulnerability.
Unlock Deck
Unlock for access to all 45 flashcards in this deck.
Unlock Deck
k this deck