Management of Information Security Notes Chapter 2 — Planning for Security
Flashcard maker: Lily Taylor
An act or event that exploits a vulnerability is known as a(n) ____________________.
Data ____________________ are responsible for the security and use of a particular set of information.
Controls or ____________________ are used to protect information from attacks by threats; the terms are also often used interchangeably.
Resource management by executing appropriate measures to manage and mitigate risks to information technologies
The basic outcomes of information security governance should include all but which of the following?
According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization do the work according to the plan?
In a(n) ____________________ attack, the attacker uses an e-mail or forged Web site to attempt to extract personal information from a user.
A(n) ____ damages or steals an organization’s information or physical asset.
Information security governance includes all of the accountabilities and methods undertaken by the board of directors and executive management to provide strategic direction, verification that risk management practices are appropriate, and validation that the organization’s assets are used properly.
____ controls set the direction and scope of the security process and provide detailed instructions for its conduct.
A SDLC-based project that is the result of a carefully developed strategy is said to be ____.
Operational plans are used by ____.
Budgeting, resource allocation, and manpower are critical components of the ____ plan.
An identified weakness of a controlled system is known as a ____.
A technique or mechanism that is used to compromise a system is called a(n) ____________________.
Penetration testing is often conducted by consultants or outsourced contractors, who are commonly referred to as hackers, ninja teams or black teams.
The application of computing and network resources to try every possible combination of characters to crack a password is known as a ____ attack.
Strategic planning has a more short-term focus than tactical planning.
Benefits of Information Security Governance include optimization of the allocation of limited security safeguards.
Tactical planning is the basis for the long-term direction taken by the organization.
Strategic plans are used to create tactical plans.
At the end of each phase of the security systems development life cycle (SecSDLC), a ____ takes place.
The ____________________ statement contains a formal set of organizational principles, standards, and qualities.
The long-term direction taken by the organization is based on ____ planning.
Tactical planning is also referred to as ____.
A ____ is a feature left behind by system designers or maintenance staff.
A(n) ____ is an act or event that exploits a vulnerability.
Some companies refer to operational planning as intermediate planning.
Information security ____ must be addressed at the highest levels of an organization’s management team in order to be effective and offer a sustainable approach.
CISOs use the operational plan to organize, prioritize, and acquire resources for major projects.
____ controls deal with managerial functions and lower-level planning such as disaster recovery and incident response planning.
The ____ phase of the security systems development life cycle (SecSDLC) assesses the organization’s readiness, its current systems status, and its capability to implement and then support the proposed systems.
A vulnerability is an identified weakness of a controlled information asset and is the result of absent or inadequate controls.
In the ____ phase of the security systems development life cycle (SecSDLC), the information obtained during the analysis phase is used to develop a proposed system-based solution for the business problem.
A(n) ____________________ is an object, person, or other entity that represents a constant danger to an asset of an organization.
Tactical plans are used to develop ____________________ plans.
A(n) ____ is a technique or mechanism used to compromise a system.
compromises to intellectual property
Copyright infringement is an example of the ____ category of threat.
The Carnegie Mellon University ____________________ information security governance model begins with a stimulus for change and loops through proposals for future actions.
The ____ statement contains a formal set of organizational principles, standards, and qualities.
Chief Risk Officer
The ____________________ has the primary responsibility for independent annual audit coordination.
The ____ phase is typically the most important phase of the security systems development life cycle (SecSDLC).
Place information security at the top of the board’s agenda
The National Association of Corporate Directors (NACD) recommends four essential practices for boards of directors. Which of the following is NOT one of these recommended practices?
A ____ attack involves sending a large number of connection or information requests to a target.
In the security systems development life cycle (SecSDLC), the work products of each phase fall into the next phase to serve as its starting point, which is known as the ____ model.
Vision statements are meant to be ____.
The basic outcomes of information security governance should include risk management by executing appropriate measures to manage and mitigate threats to information resources.
____ plans are used to organize the ongoing, day-to-day performance of tasks.
For any top-down approach to security implementation to succeed, the initiative must have a(n) ____ with influence to move the project forward.
In a methodology, a problem is solved based on a structured sequence of procedures.
Organizations following the IDEAL Governance framework would determine where you are relative to where you want to be in the evaluation phase.