Chapter 6 Security – Flashcards

question
For all the technical solutions you can devise to secure your systems, the __________ remains your greatest challenge.
answer
Human element
question
What is meant by standard?
answer
A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
question
(T/F) The term standard describes initiating changes to avoid expected problems.
answer
false (that is Proactive change management)
question
Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.
answer
Training
question
(T/F) The term remediation refers to fixing something before it is broken, defective, or vulnerable.
answer
True
question
(T/F) System owners are in control of data classification.
answer
False
question
Which of the following is the definition of guideline?
answer
A recommendation to purchase or how to use a product
question
The term guideline refers to a group that oversees all proposed changes to systems and networks.
answer
false
question
Your organization's __________ sets the tone for how you approach related activities.
answer
Security
question
(T/F) The term functional policy describes a statement of an organization's management direction for security in such specific functional areas as e-mail, remote access, and Internet surfing.
answer
True
question
What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?
answer
procedure
question
(T/F) Accreditation is management's formal acceptance of risk and their permission to implement.
answer
true
question
(T/F) The process of managing the baseline settings of a system device is the definition of configuration control.
answer
true
question
When security seems to get in the way of an employee's productivity, they'll often bypass security measures to complete their work more quickly.
answer
true
question
(T/F) The term standard describes initiating changes to avoid expected problems.
answer
false
question
(T/F) Sprint means one of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software.
answer
true
question
Which of the following is the definition of system owner?
answer
The person responsible for the daily operations of the system and ensuring the system continues to operate in compliance with conditions set out by the AO.
question
(T/F) An organization must comply with rules on two levels: regulatory compliance and organizational compliance.
answer
true
question
(T/F) A compliance liaison works with each department to ensure that it understands, implements, and monitors compliance in accordance with the organization's policies.
answer
true
question
What is meant by certification?
answer
The technical evaluation of a system to provide assurance that you have implemented the system correctly.
question
The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________.
answer
emergency operations group
question
Accreditation is management's formal acceptance of risk and their permission to implement.
answer
False
question
_________ ensures that any changes to a production system are tested, documented, and approved.
answer
change control
question
________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
answer
clear desk policy
question
Accredited
answer
Refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
question
Agile Development
answer
A method of developing software that is based on small project iterations, or sprints, instead of long project schedules.
question
Authorizing official (AO)
answer
A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
question
Certification
answer
The technical evaluation of a system to provide assurance that you have implemented the system correctly. Also, an official statement that attests that a person has satisfied specific requirements. Requirements often include possessing a certain level of experience, completing a course of study, and passing an examination.
question
Change Control
answer
The process of managing changes to computer/device configuration or application software.
question
Change Control Committee
answer
A group that oversees all proposed changes to systems and networks.
question
Clean desk/clear screen policy
answer
A policy stating that users must never leave sensitive information in plain view on an unattended desk or workstation.
question
Compliance liaison
answer
A person whose responsibility it is to ensure that employees are aware of and comply with an organization's security policies.
question
Configuration control
answer
The process of managing the baseline settings of a system device.
question
Emergency operations group
answer
A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies.
question
Functional policy
answer
A statement of an organization's management direction for security in such specific functional areas as e-mail, remote access, and Internet surfing.
question
Proactive change management
answer
Initiating changes to avoid expected problems.
question
Procedure
answer
A set of step-by-step actions to be performed to accomplish a security requirement, process, or objective.
question
Reactive change management
answer
Enacting changes in response to reported problems.
question
Security administration
answer
The basic element of ISAKMP key management. SA contains all the information needed to do a variety of network security services.
question
Security event log
answer
Recorded information from system events that describes security-related activity.
question
Sprint
answer
One of the small project iterations used in the "agile" method of developing software, in contrast with the usual long project schedules of other ways of developing software.
question
Standard
answer
A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization.
question
System owner
answer
The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
question
Waterfall model
answer
A software development model that defines how development activities progress from one distinct phase to the next.