Information Security Management 1

Question

01: According to your textbook, which of the following is NOT part of risk analysis?
Determine how likely each risk is to occur
Identify any risks to assets
Implement an acceptable use policy
Determine the value of assets
02: A risk is defined as
A weakness in a system
A potential for exploit of a weakness in a system
The existence of a weakness in a system and the potential for an exploit
An attempted security attack
03: If a manager obtains insurance for damage to an asset, this is called risk transference
True
False
04: Managers should declare financial statements about asset values
True
False
05: A principle that a single person should not have authority to execute a critical task is called
Access control
Separation of duties (or privileges)
Discretionary control
Confidentiality
06: Unauthorized alteration of information is a breach of
Confidentiality
Integrity
Availability
Protocol
07: Of the two types of attackers, which has the potential to do the most damage?
Malicious Outsiders
Non-Malicious Insiders
Non-Malicious Outsiders
Malicious Insiders
08: Controlling information so that only those who require it to do their job receive it is called sharing on a “need to know” basis
True
False
09: Planning to have a “hot site” to restart operations in the case of a fatal incident is part of having a
Risk Assessment Plan
Disaster Recovery Plan
Vulnerability Assessment Plan
Business Continuity Plan
10: Planning for a “co-location” to continue business as usual in the case of an incident that disrupts operations at one site is part of having a
Risk Assessment Plan
Disaster Recovery Plan
Vulnerability Assessment Plan
Business Continuity Plan
11: SLE represents
The proportion of assets that would be destroyed by a risk
Damage to an asset each time a risk occurs in a year
Number of times a risk may occur in a year
Damage to an asset incurred cumulatively for each year of the asset’s lifetime
12: Privilege creep means
An administrator gives him or herself the ability to examine private accounts
An attacker uses a rootkit to escalate privileges to execute system functions
When someone changes roles, they accrue both old and new privileges even if they are not needed
When a user logs in as a normal user, then executes an “su” to become a superuser
13: The four choices that managers have when managing risks are, (1) risk avoidance, (2) risk prosecution, (3) risk acceptance, (4) risk transference.
True
False
14: The encryption algorithm AES avoids security through obscurity
True
False
15: A security policy is a written document only
True
False
16: Even though very simplistic, security “checklists” such as ISO 27000: 27001/27002 (17799), also known as the ISO 27000 (or ISO27K) family of standards, are useful for security auditing in preparation for, or as part of, a security certification
True
False
17: Conducting background checks on employees is illegal in the United States
True
False
18: Least privilege means allocating only the minimum set of privileges required to perform a job function
True
False
Short Essay
19: Give a brief explanation of the differences between risk assessment and risk management. Give as an example the name of at least one standard or framework that is used for each one.
20: Briefly describe what responsibilities managers have in terms of security. In this description, note that managers in this context are not security officers or officers of a company and do NOT have fiduciary responsibilities. In other words, what are minimum security standards managers must adhere to regardless of their position?
Solution ID:480011 | This paper was updated on 26-Nov-2015