FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 4: Planning for Security

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 51

True/False

Review LaterAdd Note

Review Later

The key components of the security perimeter include firewalls, DMZs (demilitarized zones), Web servers, and IDPSs. _________________________

A) True
B) False

Correct Answer

verified

Show Answer

Question 52

True/False

Review LaterAdd Note

Review Later

Failure to develop an information security system based on the organization's mission, vision, and culture guarantees the failure of the information security program.

A) True
B) False

Correct Answer

verified

Show Answer

Question 53

Multiple Choice

Review LaterAdd Note

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.

A standard is a written instruction provided by management that informs employees and others in the workplace about proper behavior.

When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems  

A(n) ____________________ is a scripted description of an incident-usually just enough information so that each individual knows what portion of the IRP to implement, and not enough to slow down the notification process.

The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.

The transfer of live transactions in real time to an off-site facility is called ____________________.

The security framework is a more detailed version of the security blueprint.

A(n) ____________________ is a detailed examination of the events that occurred from first detection to final recovery.

A(n) ____________________  directs members of an organization as to how issues should be addressed and how technologies should be used.

The operational plan documents the organization's intended long-term direction and efforts for the next several years. _________________________

A(n) ____________________ backup is the storage of all files that have changed or been added since the last full backup.

A(n) ____________________ site is a fully configured computer facility with all services, communications links, and physical plant operations provided, including heating and air conditioning.

Each policy should contain procedures and a timetable for periodic review.

Guidelines are detailed statements of what must be done to comply with policy. _________________________

An information security ________ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.

A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.

NIST responded to a mandate and created a voluntary Risk Management Framework that provides an effective approachto manage cybersecurity risks. _________________________

The stated purpose of ISO/IEC 27002 is to offer guidelines and voluntary directions for information security management.  _________________________