93 terms

final 1

The _________________________ is the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially when accomplished via the removal of technological copyright protection measures.
Digital Millennium Copyright Act (DMCA)
Family law, commercial law, and labor law are all encompassed by ___________ law.
Guidelines that describe acceptable and unacceptable employee behaviors in the workplace are known as __________.
The Secret Service is charged with the detection and arrest of any person committing a United States federal offense relating to computer fraud and false identification crimes.
Thirty-four countries have ratified the European Council Cyber-Crime Convention as of April 2010.
Laws and policies and their associated penalties only deter if which of the following conditions is present?
a) Fear of penalty

b) Probability of being caught

c) Probability of penalty being administered

d) All the above *
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage ______.
by accident
Which of the following countries reported generally intolerant attitudes toward personal use of organizational computing resources?
What is the subject of the Sarbanes-Oxley Act?
Financial Reporting
The ______ of 1999 provides guidance on the use of encryption and provides protection from government intervention.
Security and Freedom through Encryption Act
________ attempts to prevent trade secrets from being illegally shared.
Economic Espionage Act
A(n) _______ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
The military uses a ____-level classification scheme.
In the U.S. military classification scheme, ______ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
________ is simply how often you expect a specific type of attack to occur.
The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) __________.
A certificate authority should actually be categorized as a software security component.
Information security managers and technicians are the creators of information.
Leaving unattended computers on is one of the top information security mistakes made by individuals.
The ___________ security policy is a planning document that outlines the process of implementing security in the organization.
Policies are living documents that must be managed.
Technical controls are the tactical and technical implementations of security in the organization.
The ISSP sets out the requirements that must be met by the information security blueprint or framework.
Disaster recovery personnel must know their roles without supporting documentation.
A policy should state that if employees violate a company policy, or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.
A buffer against outside attacks is frequently referred to as a(n)_________.
Incident damage _______ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
A ____ site provides only rudimentary services and facilities.
The first phase in the development of the contingency planning process is the ___________.
___________ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ________.
The application gateway is also known as a(n) ______.
application-level firewall
A ________ filtering firewall can react to an emergent event and update or create rules to deal with the event.
In __________ mode, the data within an IP packet is encrypted, but the header information is not.
A(n) ________ is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of tunneling protocol and security procedures."
Kerberos _____________ provides tickets to clients who request services.
________ generates and issues session keys in Kerberos.
The dominant architecture used to secure network access today is the _______ firewall.
screened subnet
_____ is the protocol for handling TCP traffic through a proxy server.
The proxy server is often placed in an unsecured area of the network or is placed in the _____ zone.
The AES algorithm was the first public key encryption algorithm.
Julius Caesar was associated with an early version of the transposition cipher.
One encryption method made popular by spy movies involves using the text in a book as the key to decrypt a message.
Hashing functions require the use of keys.
The application header protocol provides secrecy for the content of a network communication.
The permutation cipher simply rearranges the values within a block to create the ciphertext.
The most popular version of ____________ involves hiding information within files that contain digital pictures or other images.
________ is an integrated system of software, encryption, methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
______ are encrypted messages that can be mathematically proven to be authentic.
Digital signatures
The number of horizontal and vertical pixels captured and recorded is known as the image's _____.
SPS systems provide power conditioning.
There are very few qualified and professional agencies that provide physical security consulting and services.
Vibration sensors fall into the motion sensor category.
________ sprinklers are the newest form of sprinkler system and rely on ultra-fine mists instead of traditional shower-type systems.
Water mist
The thermal detection systems contain a sophisticated heat _________.
________ sensors project and detect an infrared beam across the area.
Interior walls reach only part way to the next floor, which leaves a space above the ceiling of the offices but below the top of the storey. This space is called a(n) __________.
padding (plenum)
_______ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized to enter.
Electronic monitoring includes __________ systems.
closed-circuit television
A device that assures the delivery of electric power without interruption is a(n) _____.
One of the leading causes of damage to sensitive circuitry is ________.
Security in general is always safe from the outside world.
In general the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.
Planners need to estimate the effort required to complete each task, subtask, or action step.
The need for qualified, trained, and available personnel constrains the project plan.
The budgets of public organizations are usually the product of legislation or public meetings.
The first step in the WBS approach encompasses activities, but not deliverables.
The WBS can be prepared with a simple desktop PC word processing program.
The date for sending the final RFP to vendors is considered a(n) ________, because it signals that all RFP preparation work is complete.
In the __________ process, measured results are compared to expected results.
negative feedback loop
Tasks or action steps that come after the task at hand are called _________.
The organization should integrate the security awareness education into a new hire's ongoing job orientation and make it a part of every employee's on-the-job training.
To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.
_________ are often involved in national security and cyber-security tasks and move from those environments into the more business-oriented world of information security.
Military personnel
The breadth and depth covered in each of the domains makes the _____ one of the most difficult-to-attain certifications on the market.
The _________ program focuses more on building trusted networks, including biometrics and PKI.
Many information security professionals enter the field from traditional ________ assignments.
___________ are the real techies who create and install security solutions.
_____ is a cornerstone in the protection of information assets and in the prevention of financial loss.
Separation of duties
_______ are hired by the organization to serve in a temporary position or to supplement the existing workforce.
Temporary employees
Organizations are not required by law to protect employee information that is sensitive or personal.
If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well.
Digital forensics helps the organization understand what happened and how.
An effective security program demands comprehensive and continuous understanding of program and system configuration.
Documentation procedures are not required for configuration and change management processes.
External monitoring entails collecting intelligence from various data sources and then giving that intelligence context and meaning for use by decision makers with the organization.
Over time, external monitoring processes should capture information about the external environment in a format that can be referenced both across the organization as threats emerge and for historical use.
The characteristics concerned with manufacturer and software versions are about technical functionality, and they should be kept highly accurate and up-to-date.
An intranet scan starts with an Internet search engine.
All telephone numbers controlled by an organization should be tested for modem vulnerability, unless the configuration of the phone equipment on premises can assure that no number can be dialed from the worldwide telephone system.
Remediation of vulnerabilities can be accomplished by accepting or transferring the risk, removing the threat, or repairing the vulnerability.
In some instances risk is acknowledged as being part of an organization's business process.
Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.