HIMT 340 Exam 1 – Flashcards

question
The ____ explicitly declares the business of the organization and its intended areas of operations.
answer
mission statement
question
The ____ statement contains a formal set of organizational principles, standards, and qualities.
answer
values statement
question
Which of the following is true?
answer
Strategic plans are used to create tactical plans
question
____ plans are used to organize the ongoing, day-to-day performance of tasks.
answer
operational
question
Which of the following is NOT a significant benefit of information security governance?
answer
All of these are benefits of information security governance
question
Which of the following is an information security governance responsibility of the organization's employees?
answer
Implement policy, report security vulnerabilities and breaches
question
The ____ plan focuses on restoring operations at the primary site.
answer
DR
question
In CP, an unexpected event is called a(n) ____.
answer
Incident
question
Which of the following is a probable indicator of an actual incident?
answer
Presence of new accounts
question
A document that contains contact information on the individuals to be notified in the event of an actual incident is called a(n) ____.
answer
alert roster
question
A scripted set of instructions about an incident is known as a(n) ____.
answer
alert message
question
A(n) ____ entails a detailed examination of the events that occurred from first detection to final recovery.
answer
after-action review
question
Crisis management is designed to deal primarily with ____.
answer
people
question
When a disaster threatens the viability of an organization at the primary site, the ____ is started.
answer
business continuity process
question
A ____ is a fully configured computer facility that needs only the latest data backups and the personnel to function.
answer
hot site
question
____ is the transfer of live transactions to an off-site facility.
answer
remote journaling
question
____ is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task.
answer
A simulation
question
The ____ layer is the outermost layer of the bull's-eye model, hence the first to be assessed for marginal improvement.
answer
Policies
question
____ comprise a set of rules that dictates acceptable and unacceptable behavior within an organization.
answer
Policies
question
Which of the following is a type of information security policy that deals with the entirety of an organization's information security efforts?
answer
Enterprise information security policy
question
The ISSP should begin with a ____.
answer
statement of purpose
question
Which of the following sections of the ISSP should provide instructions on how to report observed or suspected violations?
answer
Violations of Policy
question
The two groups of SysSPs are managerial guidance and ____.
answer
Technical specifications
question
Configuration codes entered into security systems to guide the execution of the system when information is passing through it are called ____.
answer
configuration rules
question
Typically, the information security policy administrator is ____.
answer
a mid-level staff member
question
A ____ specifies which subjects and objects users or groups can access.
answer
capability table
question
For instance, if policy mandates that all employees wear identification badges in a clearly visible location, and select members of management decide they are not required to follow this policy, any actions taken against other employees will ____.
answer
not withstand legal challenge
question
Which of the following is true about information security policy?
answer
It must be able to stand up in court, if challenged
question
Which of the following variables is the most influential in determining how to structure an information security program?
answer
Organizational culture
question
____ is the term used to describe the structure and organization of the effort that strives to contain the risks to the information assets of the organization.
answer
information security program
question
A medium-sized organization has ____.
answer
larger security needs than a small organization
question
In ____ organizations, the average amount spent on security per user is less than in any other type of organization.
answer
very large
question
Which of the following functions needed to implement the information security program implements and oversees the use of controls to reduce risk?
answer
risk management
question
In large organizations the information security department is often headed by the CISO who reports directly to the ____.
answer
top computing executive or Chief Information Officer
question
____ are accountable for the day-to-day operation of the information security program.
answer
security managers
question
Which of the following would be responsible for configuring firewalls and IDSs, implementing security software, and diagnosing and troubleshooting problems?
answer
A security technician
question
The security education, training, and awareness (SETA) program is designed to ____ by/of members of the organization.
answer
reduce the incidence of accidental security breaches
question
____ involves providing members of the organization with detailed information and hands-on instruction to enable them to perform their duties securely.
answer
SECURITY TRAINING
question
An outline of an information security blueprint is called a(n) ____.
answer
FRAMEWORK
question
The principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties is known as ____.
answer
least privilege
question
Controls that remedy a circumstance or mitigate damage done during an incident are called ____.
answer
corrective
question
Controls that are structured and coordinated within a data classification scheme that rates each collection of information as well as each user are called ____.
answer
mandatory access controls
question
____ specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle.
answer
Security clearances
question
Under the Bell-LaPadula model, the ____ property prohibits a high-level subject from sending messages to a lower-level object. In short, subjects can read down and objects can write or append up.
answer
star (*)
question
Under the Biba model, the ____ property permits a subject to have write access to an object only if the security level of the subject is equal to or higher than that of the object.
answer
integrity *
question
Which of the following is NOT a change control principle of the Clark-Wilson model?
answer
No changes by authorized subjects without external validation
question
The ____ or Chinese Wall model is designed to prevent a conflict of interest between two parties.
answer
Brewer-Nash
question
Which of the following is NOT a purpose of the ISO/IEC 17799 (later 27002) standard?
answer
All of these are correct
question
____ is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks. It enables clear policy development and good practice for IT control throughout organizations.
answer
COBIT
question
The cornerstone of the ISO/IEC 27001 standard is a set of processes known as the ____ cycle.
answer
Plan-Do-Check-Act