4.1 Security Policies – Flashcards

Unlock all answers in this set

Unlock answers
question
What is the primary purpose of source code escrow?
answer
To obtain change rights over software after a vendor goes out of business
question
Who has the responsibility for the development of a security policy?
answer
Senior management
question
What is the most effective means of improving or enforcing security in any environment?
answer
User awareness training
question
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which method should you use to best prevent extracting data from the discs?
answer
Shredding
question
Which of the following is a high-level, general statement about the role of security in the organization?
answer
Policy
question
Which policy specifically protects PII?
answer
Privacy
question
HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what?
answer
Privacy
question
You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occuring in the future. What else might you be legally required to do?
answer
Contact your customers to let them know of the security breach
question
Which of the following is a recommendation to use when a specific standard or procedure does not exist?
answer
Guideline
question
Which of the following defines an acceptable use agreement?
answer
An agreement which identifies the employee's rights to use company property such as Internet access and computer equipment for personal use.
question
What is the primary purpose of change control?
answer
Prevent unmanaged change
question
Which of the following best describes the concept of due care or due diligence?
answer
Reasonable precautions, based on industry best practices, are utilized and implemented
question
Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow its client?
answer
Service level agreement
question
When informing an employee that they are being terminated, what is the most important activity?
answer
Disabling their network access
question
Which of the following is the best protection against security violations?
answer
Defense in depth
Get an explanation on any task
Get unstuck with the help of our AI assistant in seconds
New