Which of the following is a type of information security policy that deals with the entirety of an organization's information security efforts?


A) Issue-specific security policy
B) System-specific security policy
C) Company-wide security policy
D) Enterprise information security policy

E) B) and C)
F) C) and D)

In order to avoid reprisal or retaliation against employees, reporting of violations of policy should be set up to be ____________________.

Granularity is the level of specificity and detail with which administrators can control access to their systems._________________________

A) True
B) False

The policy champion and manager is called the ____.


A) policy developer
B) lead policy developer
C) policy enforcer
D) policy administrator

E) B) and C)
F) A) and D)

A disadvantage of creating a single comprehensive ISSP document is that such a document ____.


A) usually fails to cover all the necessary issues
B) can suffer from poor policy review
C) can suffer from poor policy enforcement
D) may overgeneralize the issues and skip over vulnerabilities

E) A) and C)
F) A) and B)

Configuration codes entered into security systems to guide the execution of the system when information is passing through it are called ____.


A) access control lists
B) user profiles
C) configuration rules
D) capability table

E) A) and C)
F) A) and B)

Which of the following is NOT a guideline that may help in the formulation of information technology (IT) policy as well as information security policy?


A) All policies must contribute to the success of the organization
B) Policies must be reviewed and approved by legal counsel before administration
C) Management must ensure the adequate sharing of responsibility for proper use of information systems
D) End users of information systems should be involved in the steps of policy formulation

E) A) and B)
F) A) and C)

Unless a policy actually reaches the end users, it cannot be enforced.

A) True
B) False

A(n) enterprise information security policy is a type of information security policy that provides detailed, targeted guidance to instruct all members of the organization in the use of technology-based systems._________________________

A) True
B) False

Today, most EULAs are presented on blow-by screens.

A) True
B) False

If multiple audiences exist for information security policies, different documents must be created for each audience.

A) True
B) False

A(n) standard is a more detailed statement of what must be done to comply with a policy._________________________

A) True
B) False

The responsibilities of both the users and the systems administrators with regard to specific technology rules should be specified in the ____________________ section of the ISSP.

A standard is built from a ____.


A) practice
B) policy
C) procedure
D) guideline

E) A) and B)
F) None of the above

The policy administrator must be technically oriented.

A) True
B) False

Which of the following is true about information security policy?


A) It should be written after a company has encountered an incident
B) It may conflict with the law
C) End users should not be involved in the creation of the policy
D) It must be able to stand up in court, if challenged

E) A) and B)
F) A) and C)

A disadvantage of creating a number of independent ISSP documents is that the result may ____.


A) overgeneralize the issues
B) suffer from poor policy dissemination
C) skip over vulnerabilities
D) be written by those with less complete subject matter expertise

E) C) and D)
F) B) and D)

The ____ layer is the outermost layer of the bull's-eye model, hence the first to be assessed for marginal improvement.


A) Systems
B) Networks
C) Policies
D) Applications

E) None of the above
F) C) and D)

The ISSP sections Authorized Access and Usage of Equipment and Prohibited Usage of Equipment may be combined into a section called ____.


A) Violations of Policy
B) Limitations of Liability
C) Appropriate Use Policy
D) Systems Management

E) B) and C)
F) A) and D)

____ comprise a set of rules that dictates acceptable and unacceptable behavior within an organization.


A) Standards
B) Procedures
C) Guidelines
D) Policies

E) A) and D)
F) None of the above
