Terms in this set (50)
You are on the West Coast but want to connect to your company's intranet on the East Coast. You use a program to "tunnel" through the Internet to reach the intranet. Which technology are you using?
Virtual private networking
Web graffiti as a result of Web site defacement is an issue primarily in which IT domain?
A policy that addresses the use of personal mobile devices, such as a smartphone, to access an internal business network is an issue of which IT domain?
How is risk reduced in the LAN-to-WAN Domain?
Both A and B
You swipe your finger over your laptop's fingerprint reader to unlock the computer. Which type of authentication method are you using?
Something you are
In which IT domain do service level agreements help ensure the reliability and speed of a network connection?
Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?
Which of the following is not a key component that must be covered in an organization's security policy for CIPA compliance?
Student information in school directories
Which law was challenged by the American Library Association and the American Civil Liberties Union claiming it violated free speech rights of adults?
To protect information systems and assess risk, NIST standards describe inventorying hardware and software, categorizing risk levels, and which controls to apply, among others. One standard involves certification and accreditation. What is the purpose of this process?
Occurs after an information system is documented, controls tested, and risk assessment completed, transferring responsibility to the owner who will operate the system
Of the following compliance laws, which focuses most heavily on personal privacy?
Which compliance law concept states that only the data needed for a transaction should be collected?
Limited use of personal data
Which department generally does not review policies and standards before official approval?
What is a potential disadvantage of using consecutive numbers in a policy library?
The numbering scheme can become disorganized if you don't leave room in the scheme for new documents to be added.
One of the key factors of a successful implementation of an organization-wide security policy
Which of the following is not an administrative control?
Logical access control mechanisms
Fences, security guards, and locked doors are examples of which type of security control?
Which of the following is not a security awareness training best practice?
Focus on horror stories of bad security practices.
Which of the following are used as benchmarks for audit purposes?
Which of the following is not a generally accepted and widely used policy framework?
An organizational chart
Of the following roles related to a policy and standards library, which role maintains policies and procedures that provide for security and risk management of information resources?
Information resources manager
Which part of an IT policy framework includes the program's purpose and mission, and the program's scope within the organization?
Incident reporting, incident management, and user ID addition/removal are examples of which of the following?
Regarding security policies, what is a stakeholder?
An individual who has an interest in the success of the security policies
The basic elements of motivation include pride, success, and __________.
In Kotter's change model, which step is generally part of informal discussions rather than part of the formal implementation process?
Step 3: Create a vision for change
Which of the following is not a common measurement for determining if individuals are adhering to security policies?
Number of external security breach attempts
In Kotter's change model, in which step does the ISO work with line management to collect metrics for assessing the policies' effectiveness and ensure metrics are meaningful?
Step 6: Create short-term wins
Which of the following is typically defined as the end user of an application?
Which of the following is not true of a hierarchical organization?
Wide span of control
During which phase of the COBIT ISS management life cycle do internal and external audits occur?
Monitor and Evaluate
The concept of "need to know" is most closely associated with which of the following?
Why are information security policies important to an organization?
They strengthen the company's ability to protect its information resources.
Which of the following is not one of the four domains of the COBIT framework for ISS management?
Support and Monitor
During which phase of the COBIT ISS management life cycle do you review how you are going to manage your IT investment such as contracts, service level agreements (SLAs), and new policy ideas?
Plan and Organize
The use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?
Who is responsible for executing policies and procedures, such as backup and versioning?
A fundamental component of internal control for high-risk transactions is __________.
separation of duties
Which type of business risk category focuses on an event that may change how the organization operates, such as a merger or acquisition?
___________ refers to the degree of risk an organization is willing to accept.
Who has a highly restricted role and grants access rights?
Data security administrator
Your organization is adopting several security policy frameworks. Which of the following is best suited for processing credit cards?
Which IT framework extends the COBIT framework and is a comprehensive risk management approach?
ISACA Risk IT framework
An encryption system is an example of which type of security control?
Security controls fall into three design types: preventive, detective, and _________.
A backup generator is an example of which type of security control?
A business _______ emerges when an organization cannot meet its obligation or duty.
A locked wiring closet is an example of which type of security control?
Which of the following is not a common business driver?