Chapter 6 Security

question

For all the technical solutions you can devise to secure your systems, the __________ remains your greatest challenge.
answer

Human element
question

What is meant by standard?
answer

A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization
question

(T/F) The term standard describes initiating changes to avoid expected problems.
answer

false (that is Proactive change management)
question

Because personnel are so important to solid security, one of the best security controls you can develop is a strong security ___________ and awareness program.
answer

Training
question

(T/F) The term remediation refers to fixing something before it is broken, defective, or vulnerable.
answer

True
question

(T/F) System owners are in control of data classification.
answer

False
question

Which of the following is the definition of guideline?
answer

A recommendation to purchase or how to use a product
question

The term guideline refers to a group that oversees all proposed changes to systems and networks.
answer

false
question

Your organization’s __________ sets the tone for how you approach related activities.
answer

Security
question

(T/F) The term functional policy describes a statement of an organization’s management direction for security in such specific functional areas as e-mail, remote access, and Internet surfing.
answer

True
question

What term is used to describe a set of step-by-step actions to be performed to accomplish a security requirement, process, or objective?
answer

procedure
question

(T/F) Accreditation is management’s formal acceptance of risk and their permission to implement.
answer

true
question

(T/F) The process of managing the baseline settings of a system device is the definition of configuration control.
answer

true
question

When security seems to get in the way of an employee’s productivity, they’ll often bypass security measures to complete their work more quickly.
answer

true
question

(T/F) The term standard describes initiating changes to avoid expected problems.
answer

false
question

(T/F) Sprint means one of the small project iterations used in the “agile” method of developing software, in contrast with the usual long project schedules of other ways of developing software.
answer

true
question

Which of the following is the definition of system owner?
answer

The person responsible for the daily operations of the system and ensuring the system continues to operate in compliance with conditions set out by the AO.
question

(T/F) An organization must comply with rules on two levels: regulatory compliance and organizational compliance.
answer

true
question

(T/F) A compliance liaison works with each department to ensure that it understands, implements, and monitors compliance in accordance with the organization’s policies.
answer

true
question

What is meant by certification?
answer

The technical evaluation of a system to provide assurance that you have implemented the system correctly.
question

The name given to a group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies, is ________.
answer

emergency operations group
question

Accreditation is management’s formal acceptance of risk and their permission to implement.
answer

False
question

_________ ensures that any changes to a production system are tested, documented, and approved.
answer

change control
question

________ states that users must never leave sensitive information in plain view on an unattended desk or workstation.
answer

clear desk policy
question

Accredited
answer

Refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards.
question

Agile Development
answer

A method of developing software that is based on small project iterations, or sprints, instead of long project schedules.
question

Authorizing official (AO)
answer

A senior manager who reviews a certification report and makes the decision to approve the system for implementation.
question

Certification
answer

The technical evaluation of a system to provide assurance that you have implemented the system correctly. Also, an official statement that attests that a person has satisfied specific requirements. Requirements often include possessing a certain level of experience, completing a course of study, and passing an examination.
question

Change Control
answer

The process of managing changes to computer/device configuration or application software.
question

Change Control Committee
answer

A group that oversees all proposed changes to systems and networks.
question

Clean desk/clear screen policy
answer

A policy stating that users must never leave sensitive information in plain view on an unattended desk or workstation.
question

Compliance liaison
answer

A person whose responsibility it is to ensure that employees are aware of and comply with an organization’s security policies.
question

Configuration control
answer

The process of managing the baseline settings of a system device.
question

Emergency operations group
answer

A group that is responsible for protecting sensitive data in the event of a natural disaster or equipment failure, among other potential emergencies.
question

Functional policy
answer

A statement of an organization’s management direction for security in such specific functional areas as e-mail, remote access, and Internet surfing.
question

Proactive change management
answer

Initiating changes to avoid expected problems.
question

Procedure
answer

A set of step-by-step actions to be performed to accomplish a security requirement, process, or objective.
question

Reactive change management
answer

Enacting changes in response to reported problems.
question

Security administration
answer

The basic element of ISAKMP key management. SA contains all the information needed to do a variety of network security services.
question

Security event log
answer

Recorded information from system events that describes security-related activity.
question

Sprint
answer

One of the small project iterations used in the “agile” method of developing software, in contrast with the usual long project schedules of other ways of developing software.
question

Standard
answer

A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization.
question

System owner
answer

The person responsible for the daily operation of a system and for ensuring that the system continues to operate in compliance with the conditions set out by the AO.
question

Waterfall model
answer

A software development model that defines how development activities progress from one distinct phase to the next.