Mgmt of Info Security/Forensic Ch. 2 – Flashcards

question
Analysis
answer
In which phase of the SecSDLC does the risk management task occur?
question
Resource management by executing appropriate measures to manage and mitigate risks to information technologies
answer
The basic outcomes of InfoSec governance should include all but which of the following?
question
True
answer
(T/F) A clearly directed strategy flows from top to bottom rather than from bottom to top.
question
False
answer
(T/F) Penetration testing is often conducted by contractors, who are commonly referred to as black-hats.
question
Back Door
answer
What is the feature left behind by system designers or maintenance staff that allows quick access to a system at a later time by bypassing access controls?
question
Malicious Code
answer
What is an attack that involves sending a large number of connection or information requests to a target?
question
False
answer
(T/F) The primary goal of external monitoring is to maintain an informed awareness of the state of all of the organization's networks, information systems, and information security defenses.
question
Event-Driven
answer
The impetus to begin an SDLC-based project may be _____?_____, that is, a response to some activity in the business community, inside the organization, or within the ranks of employees, customers, or other stakeholders.
question
False
answer
(T/F) A top-down approach to information security usually begins with a systems administrator's attempt to improve the security of their systems.
question
Penetration
answer
In ____?_____ testing, security personnel simulate or perform specific and controlled attacks to compromise or disrupt their own systems by exploiting documented vulnerabilities.
question
Strategic plans are used to create tactic plans
answer
What is true about strategic plans?
question
An InfoSec risk management methodology
answer
What should be included in an InfoSec Governance Program?
question
Managerial Control
answer
What sets the direction and scope of the security process and provides detailed instructions for its conduct?
question
Set security policy, procedures, programs and training
answer
What is an information security governance responsibility of the Chief Security Officer?
question
Investigation
answer
What is the first phase of the SecSDLC?
question
Mission Statement
answer
What explicitly declares the business of the organization and its intended areas of operations?
question
Information Extortion
answer
Blackmail threat of informational disclosure is an example of what kind of threat?
question
Waterfall
answer
In which model in the SecSDLC do the work products of each phase fall into the next phase to serve as its starting point?
question
Establishing
answer
According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization plan the specifics of how it will reach its destination?
question
Strategic
answer
Which type of planning is the primary tool in determining the long-term direction taken by an organization?
question
Operational
answer
Which type of planning is the primary tool in the deterring the long-term direction taken by an organization?
question
Timing
answer
A(n) _____?_____ attack enables an attacker to extract secrets maintained in a security system by observing the time it takes the system to respond to various queries.
question
False
answer
(T/F) Because it sets out general business intentions, a mission statement does not need to be concise.
question
Utilizes the technical expertise of the individual administrators
answer
What is a key advantage of the bottom-up approach to security implementation?
question
Buffer
answer
A ____?____ overflow is an application error that occurs when the system can't handle the amount of data that is sent.