Chapter 4
True/False
Indicate whether the statement is true or false.
____ 1. The bull’s-eye model emphasizes the role of policy in an information security program.
____ 2. Policies must note the existence of penalties for unacceptable behavior.
____ 3. The ISSP is not a binding agreement between the organization and its members.
____ 4. Users have a right to use an organization’s information systems for personal e-mails, even if this right is not specified in the ISSP.
____ 5. In some systems, capability tables are called user profiles.
____ 6. Access control lists can only be used to restrict access according to the user.
____ 7. Rule-based policies are less specific to the operation of a system than access control lists.
____ 8. All rule-based policies must deal with users directly.
____ 9. An automated policy management system is able to assess readers’ understanding of the policy and electronically record reader acknowledgments.
____ 10. Today, most EULAs are presented on blow-by screens.
____ 11. The Flesch-Kincaid Grade Level score evaluates writing on a U.S. grade-school level.
____ 12. When a policy is created and distributed without software automation tools, it is often not clear which manager has approved it.
____ 13. If multiple audiences exist for information security policies, different documents must be created for each audience.
____ 14. An ISSP will typically not cover the use of e-mail or the Internet.
____ 15. Access control lists can be used to control access to file storage systems.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 16. The ____ layer is the outer layer of the bull’s-eye model.
a. Systems
b. Networks
c. Policies
d. Applications
____ 17. The ____ model describes the layers at which security controls can be applied.
a. NSTISSC
b. EISP
c. bull’s-eye
d. policy
____ 18. Which of the following is a type of information security policy that deals with all of an organization’s security efforts?
a. issue-specific security policy
b. system-specific security policy
c. company-wide security policy
d. enterprise information security policy
____ 19. The ____ section of an ISSP explains who can use the technology governed by the policy and for what purposes.
a. Violations of Policy
b. Limitations of Liability
c. Systems Management
d. Authorized Access and Usage of Equipment
____ 20. Capability tables are also known as ____.
a. system policies
b. user policies
c. system profiles
d. account lists
____ 21. Configuration codes entered into security systems to guide the execution of the system when information is passing through it are called ____.
a. access control lists
b. user profiles
c. configuration rules
d. capability table
____ 22. A detailed outline of the scope of the policy development project is created during the ____ phase of the SecSDLC.
a. design
b. analysis
c. implementation
d. investigation
____ 23. During the ____ phase of the SecSDLC, the information security policy is monitored, maintained, and modified as needed.
a. implementation
b. maintenance
c. analysis
d. investigation
____ 24. The policy champion and manager is called the ____.
a. policy developer
b. lead policy developer
c. policy enforcer
d. policy administrator
____ 25. The ____ component of an EISP defines the organizational structure designed to support information security within the organization.
a. Information Technology Security Responsibilities and Roles
b. Need for Information Technology Security
c. Reference to Other Information Technology Standards and Guidelines
d. Information Technology Security Elements
____ 26. A typical blow-by screen may require the user to ____.
a. click a button on the screen
b. press any key
c. type words
d. press a function key
____ 27. The Flesch Reading Ease scale evaluates writing on a scale of ____.
a. 1 to 10
b. 1 to 20
c. 1 to 50
d. 1 to 100
____ 28. For most corporate documents, a score of ____ is preferred on the Flesch Reading Ease scale.
a. 9 to 10
b. 15 to 20
c. 60 to 70
d. 90 to 100
____ 29. For most corporate documents, a score of ____ is preferred as a Flesch-Kincaid Grade Level score.
a. 4.0 to 5.0
b. 7.0 to 8.0
c. 9.0 to 10.0
d. 11.0 to 12.0
____ 30. In its simplest form, a coverage matrix is a ____.
a. list
b. two-dimensional table
c. three-dimensional table
d. queue
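Items 5, 6, 8, 15 and 20 all turn on the same point: an access control list and a capability table are two views of one access matrix (the ACL is the per-object column, the capability table or "user profile" is the per-subject row), and an ACL entry can name a group rather than an individual user. The following is an added example written for this page, not code from the textbook or the test bank; the subjects, objects, groups and rights in it are constructed sample data, and the "@group" naming convention for group entries is an assumption of the example, not a real file-server format.

```python
"""ACL versus capability table as two views of one access matrix.

Added example; not from the textbook or test bank. All principals, objects,
rights and group memberships below are constructed sample data, and the
"@group" naming convention for group entries is this example's assumption.
"""

# Constructed group membership, used to resolve "@group" ACL entries.
GROUPS = {
    "payroll_staff": {"alice", "bob"},
    "ops": {"alice", "carol"},
}

# Constructed ACL in the per-object form a file server would keep it:
# object -> principal -> set of rights (r = read, w = write, x = execute).
# Note that entries may name a group, not only an individual user.
FILE_ACL = {
    "payroll.db": {"alice": {"r", "w"}, "@payroll_staff": {"r"}},
    "backup.sh": {"@ops": {"r", "x"}},
    "report.txt": {"carol": {"r", "w"}},
}


def _members(principal, groups):
    """Expand a principal to the set of users it denotes (a group or one user)."""
    if principal.startswith("@"):
        return set(groups.get(principal[1:], set()))
    return {principal}


def is_allowed(acl, groups, subject, obj, right):
    """Default-deny check: the subject holds a right on obj only if it is granted
    to the subject directly or to a group the subject belongs to."""
    granted = set()
    for principal, rights in acl.get(obj, {}).items():
        if subject in _members(principal, groups):
            granted |= rights
    return right in granted


def capability_table(acl, groups):
    """Invert the per-object ACL into a per-subject capability table
    (subject -> object -> rights), expanding group entries so each user's
    profile lists everything that user can actually do."""
    caps = {}
    for obj, entries in acl.items():
        for principal, rights in entries.items():
            for user in _members(principal, groups):
                caps.setdefault(user, {}).setdefault(obj, set()).update(rights)
    return caps


def acl_from_capabilities(caps):
    """Re-slice a capability table back into per-object ACL form with
    individual users only; round-tripping shows both are the same matrix."""
    acl = {}
    for user, objs in caps.items():
        for obj, rights in objs.items():
            acl.setdefault(obj, {})[user] = set(rights)
    return acl


if __name__ == "__main__":
    caps = capability_table(FILE_ACL, GROUPS)
    for user in sorted(caps):
        print(user, {o: "".join(sorted(r)) for o, r in sorted(caps[user].items())})
    print("bob read payroll.db:", is_allowed(FILE_ACL, GROUPS, "bob", "payroll.db", "r"))
    print("bob write payroll.db:", is_allowed(FILE_ACL, GROUPS, "bob", "payroll.db", "w"))
```

Running it shows bob reading payroll.db only through the payroll_staff group entry, which is why item 6 (ACLs restrict only by user) does not hold, and the capability table it prints is exactly what some systems label a user profile (item 5).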
Completion
Complete each statement.
31. The ____________________ layer is the place where threats from public networks meet the organization’s networking infrastructure in the bull’s-eye model.
32. The computers used in an organization are part of the ____________________ layer of the bull’s-eye model.
33. The responsibilities of both the users and the systems administrators should be specified in the ____________________ section of the ISSP.
34. The ____________________ section of the ISSP should provide instructions to employees on how to report observed or suspected violations of the usage and systems management policies.
35. SysSPs can be separated into two general groups: managerial guidance and ____________________.
36. The champion and manager of the information security policy is called the ____________________.
37. An implementation model that emphasizes the role of policy in an information security program is the ____________________ model.
38. The formulation of program policy in the ____________________ document establishes the overall information security environment.
39. In an organization, a(n) ____________________ security policy provides detailed, targeted guidance to instruct all the members in the use of technology-based systems.
40. The ____________________ section of the ISSP should specify users’ and systems administrators’ responsibilities.
Essay
41. List the significant guidelines used in the formulation of effective information security policy.
42. Describe the advantages and disadvantages of using a modular approach for creating and managing the ISSP.
43. List the goals of the issue-specific security policy (ISSP) of an organization.