50 terms

Management of Information Security Chapter 1

Chapter 1 of Management of Information Security, 3rd ed., Whitman and Mattord
Scope creep
____ occurs when the quantity or quality of project deliverables is expanded from the original project plan.
Failure to meet project deadlines
____ is one of the most frequently cited failures in project management.
Communications
___________________ security encompasses the protection of an organization's communications media, technology, and content.
Information Technology
The ____________________ community supports the business objectives of an organization by supplying and supporting information technology appropriate to the business's needs.
All workers operate at approximately the same level of efficiency
The management of human resources must address many complicating factors; which of the following is NOT among them?
False
Operations are discrete sequences of activities with starting points and defined completion points.
activities
The Gantt chart lists ____ on its vertical axis and provides a simple time line on the horizontal axis.
democratic
The three behavioral types of leaders are autocratic, laissez-faire, and ____________________.
False
Only a deliberate attack, such as a virus, can result in the corruption of a file.
principles
Which of the following is NOT a Principle of Information Security Management?
authentication
An information system possesses the characteristic of ____ when it is able to recognize individual users.
Availability
The CNSS Security model known as the McCumber cube examines the confidentiality, integrity and ____________________ of information whether in storage, processing or transmission.
Programs
____________________ are the operations conducted within InfoSec, which are specifically managed as separate entities.
Operational
The three levels of planning are strategic planning, tactical planning, and ____________________ planning.
Employees benefit from the formal training required for the method
Which of the following is NOT an advantage of the PERT method?
Integrity
____ is the quality or state of being whole, complete, and uncorrupted.
Confidentiality
____ of information ensures that only those with sufficient privileges and a demonstrated need may access certain information.
False
An information system that is able to recognize the identity of individual users is said to provide authentication.
True
1) Policy, 2) awareness, training and education, and 3) technology are concepts vital for the protection of information.
True
Popular management theory categorizes the principles of management into planning, organizing, leading and controlling.
installation of a new firewall system
Which of the following is a project, not a managed process?
availability
According to the C.I.A. triangle, the three desirable characteristics of information are confidentiality, integrity, and ____.
policy
Which of the following Principles of Information Security Management seeks to dictate certain behavior within the organization through a set of organizational guidance?
decisional
A manager has informational, interpersonal, and ____ roles within the organization.
True
The two network scheduling techniques, the Critical Path Method and PERT, are similar in design.
availability
The ____ of information refers to the ability to access information without interference or obstruction and in a useable format.
False
The three desirable characteristics of information on which the C.I.A. triangle is founded are confidentiality, integrity, and authorization.
True
A project can have more than one critical path.
True
The integrity of information is threatened when it is exposed to corruption, damage, or destruction.
accountability
Audit logs that track user activity on an information system provide ____.
Recognize and define the problem
Which of the following is the first step in the problem-solving process?
data network devices
Communications security involves the protection of an organization's ____.
Build support among management for the candidate solution
Which of the following is NOT a step in the problem-solving process?
True
Leadership generally addresses the direction and motivation of the human resource.
Management
____________________ is the process of achieving objectives using a given set of resources.
goal
The term ____________________ refers to the end result of a planning process.
False
The characteristic of information that enables a user to access it without interference or obstruction and in a useable format is confidentiality.
Quality
If the project deliverables meet the requirements specified in the project plan, the project has met its ____________________ objective.
False
The authorization process takes place before the authentication process.
True
The C.I.A. triangle is an important element of the CNSS model of information security.
False
The CNSS security model includes detailed guidelines and policies that direct the implementation of controls.
authorization
The activation and use of access control lists is an example of the ____ process.
Information Security
____________________ is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
False
When you review technological feasibility, you address the organization's financial ability to purchase the technology needed to implement a candidate solution.
False
Another popular project management tool is the bar or McCumber chart, named for its developer, who created this method in the early 1900s.
information security
The protection of information and the systems and hardware that use, store, and transmit that information is known as ____.
Network
____ security addresses the ability to use the network to accomplish the organization's data communication functions.
False
Information security can be both a process and a project because it is in fact a continuous series of projects.
accountability
The characteristic of ____ exists when a control provides assurance that every activity undertaken can be attributed to a named person or automated process.
False
Policies are InfoSec operations that are specifically managed as separate entities.