CP3302 – Chap5 – Flashcards
Unlock all answers in this set
Unlock answersquestion
_____ direct how issues should be addressed and technologies used.
answer
Policies
question
_____ are detailed statements of what must be done to comply with policy.
answer
Standards
question
3 True or False: An executive information security policy (EISP) is also known as a general security policy, IT security policy, and information security policy.
answer
True
question
A(n) addresses specic areas of technology, requires frequent updates, and contains a statement on the organization's position on a specic issue.
answer
issue-specific security policy (ISSP)
question
Implementing security in layered approach is referred to as ______.
answer
defense in depth
question
A(n) _____ defines the edge between the outer limit of an organization's security and the beginning of the outside world.
answer
security perimeter
question
A(n) ______ is a device that uses a rule set to selectively discriminate against information flowing into/out of the organization.
answer
firewall
question
In an effort to detect an unauthorised activity within the inner network or on individual machines, an organisation may want to implement ______.
answer
intrusion detection systems
question
_____ is planning for the identification, classification, response, and recovery from an incident.
answer
Incident response planning (IRP)
question
A(n) _____ is any clearly identified attack on the organization's information assets that would threaten the assets' confidentiality, integrity, or availability.
answer
incident
question
_____ deals with the preparation for and recovery from a disaster, whether natural or man-made.
answer
Disaster recover planning (DRP)
question
_______ consists of the actions taken to plan for, detect, and correct the impact of an incident on information assets.
answer
Incident response (IR)
question
A(n) provides many of the same services and options as a hot site. However, it typically does not include the applications the company needs, or the applications may not yet be properly installed and configured.
answer
warm site
question
A(n) is a fully configured computer facility with all services, communications links, and physical plant operations, including heating and air conditioning.
answer
hot site
question
A(n) ______ is the next step down from the warm site and provides only rudimentary services and facilities. No computer hardware or peripherals are provided.
answer
cold site
question
______ is the process of collecting, analyzing, and preserving computer-related evidence.
answer
Computer forensics
question
The actions taken during and after a disaster are referred to as ______.
answer
crisis management