How can we help?

You can also find more resources in our Help Center.

25 terms

Planning for Security

Chapter 5- Principles of Information Security 4th Ed.
STUDY
PLAY
vision
Strategic planning is the process of moving the organization towards its _____.
de jure
Standards may be published, scrutinized, and ratified by a group, as in formal or _____ standards.
EISP
The _____ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
SysSPs
_____ often function as standards or procedures to be used when configuring or maintaining systems.
A security framework
_____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
ISO/IEC 27002
The stated purpose of _____ is to "give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization."
(United States)
(Germany)
(Japan)
NONE OF THE ABOVE
What country adopted ISO/IEC 17799?
blueprint
SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security _____.
(organizing)
(leading)
(controlling)
ALL OF THE ABOVE
Effective management includes planning and _____.
IETF
The Security Area Working Group acts as an advisory board for the protocols and areas developed and promoted by teh Internet Society and the _____.
security
The spheres of _____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.
Managerial
_____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
(firewalls)
(proxy servers)
(access controls)
ALL OF THE ABOVE
Redundancy can be implemented at a number of points throughout the security architecture, such as in _____.
Operational controls
address personnel security, physical security, and the protection of production inputs and outputs.
domains
Security _____ are the areas of trust within which users can freely communicate.
DMZ
A buffer against outside attacks is frequently referred to as a _____.
Network
_____-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.
CISO
The SETA program is the responsibility of the _____ and is a control measure designed to reduce the incidences of accidental security breaches by employees.
IR
A(n) _____ plan deals with the identification, classification, response, and recovery from an incident.
BIA
The first phase in the development of the contingency planning process is the _____.
roster
An alert _____ is a document containing contact information for the people to be notified in the event of an incident.
assessment
Incident damage _____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
5
RAID _____ drives can be hot swapped.
cold
A _____ site provides only rudimentary services and facilities.
electronic vaulting
The transfer of large batches of data to an off-site facility is called _____.