Scribd Logo
Upload

Welcome to Scribd!

  • Information Security Notes Chapter 2

    Uploaded by

    غسان الشليف
    5 views3 pages
    secound chapter of information security

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    secound chapter of information security

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views3 pages

    Information Security Notes Chapter 2

    Uploaded by

    غسان الشليف
    secound chapter of information security

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Management of Information Security Notes Chapter 2 -- Planning for Secu

    rity
    Study online at https://quizlet.com/_22u0pn
    An act or event that exploits a vulnerability is known as a(n)
    attack
    ____________________.
    Data ____________________ are responsible for the security
    owners
    and use of a particular set of information.
    Controls or ____________________ are used to protect infor-
    mation from attacks by threats; the terms are also often used safeguards
    interchangeably.
    The basic outcomes of information security governance should Resource management by executing appropriate measures to
    include all but which of the following? manage and mitigate risks to information technologies
    According to the Corporate Governance Task Force (CGTF), dur-
    ing which phase in the IDEAL model and framework does the Acting
    organization do the work according to the plan?
    In a(n) ____________________ attack, the attacker uses an
    e-mail or forged Web site to attempt to extract personal informa- phishing
    tion from a user.
    A(n) ____ damages or steals an organization's information or
    threat agent
    physical asset.
    Information security governance includes all of the accountabili-
    ties and methods undertaken by the board of directors and exec-
    utive management to provide strategic direction, verification that True
    risk management practices are appropriate, and validation that
    the organization's assets are used properly.
    ____ controls set the direction and scope of the security process
    Managerial
    and provide detailed instructions for its conduct
    A SDLC-based project that is the result of a carefully developed
    plan-driven
    strategy is said to be ____.
    Operational plans are used by ____. managers
    Budgeting, resource allocation, and manpower are critical com-
    tactical
    ponents of the ____ plan.
    An identified weakness of a controlled system is known as a ____. vulnerability
    A technique or mechanism that is used to compromise a system
    exploit
    is called a(n) ____________________.
    Penetration testing is often conducted by consultants or out-
    sourced contractors, who are commonly referred to as hackers, False
    ninja teams or black teams.
    The application of computing and network resources to try every
    possible combination of characters to crack a password is known brute force
    as a ____ attack.
    Strategic planning has a more short-term focus than tactical plan-
    False
    ning.
    Benefits of Information Security Governance include optimization
    False
    of the allocation of limited security safeguards.
    Tactical planning is the basis for the long-term direction taken by
    False
    the organization.
    Strategic plans are used to create tactical plans. True
    At the end of each phase of the security systems development life
    structured review
    cycle (SecSDLC), a ____ takes place.
    The ____________________ statement contains a formal set of
    values
    organizational principles, standards, and qualities.
    The long-term direction taken by the organization is based on
    strategic
    ____ planning
    Tactical planning is also referred to as ____. project planning
    1/3
    Management of Information Security Notes Chapter 2 -- Planning for Secu
    rity
    Study online at https://quizlet.com/_22u0pn
    A ____ is a feature left behind by system designers or mainte-
    back door
    nance staff.
    A(n) ____ is an act or event that exploits a vulnerability. attack
    Some companies refer to operational planning as intermediate
    False
    planning.
    Information security ____ must be addressed at the highest levels
    of an organization's management team in order to be effective objectives
    and offer a sustainable approach.
    CISOs use the operational plan to organize, prioritize, and acquire
    True
    resources for major projects.
    ____ controls deal with managerial functions and lower-level
    planning such as disaster recovery and incident response plan- Operational
    ning.
    The ____ phase of the security systems development life cycle
    (SecSDLC) assesses the organization's readiness, its current
    analysis
    systems status, and its capability to implement and then support
    the proposed systems.
    A(n) vulnerability is an identified weakness of a controlled infor-
    True
    mation asset and is the result of absent or inadequate controls.
    In the ____ phase of the security systems development life cycle
    (SecSDLC), the information obtained during the analysis phase
    logical design
    is used to develop a proposed system-based solution for the
    business problem.
    A(n) ____________________ is an object, person, or other entity
    threat
    that represents a constant danger to an asset of an organization.
    Tactical plans are used to develop ____________________
    operational
    plans.
    A(n) ____ is a technique or mechanism used to compromise a
    exploit
    system.
    Copyright infringement is an example of the ____ category of
    compromises to intellectual property
    threat.
    he Carnegie Mellon University ____________________ informa-
    tion security governance model begins with a stimulus for change IDEAL
    and loops through proposals for future actions.
    The ____ statement contains a formal set of organizational prin-
    values
    ciples, standards, and qualities.
    The ____________________ has the primary responsibility for
    Chief Risk Officer
    independent annual audit coordination.
    The ____ phase is typically the most important phase of the
    maintenance
    security systems development life cycle (SecSDLC).
    The National Association of Corporate Directors (NACD) recom-
    mends four essential practices for boards of directors. Which of Place information security at the top of the board's agenda
    the following is NOT one of these recommended practices?
    A ____ attack involves sending a large number of connection or
    denial-of-service (DoS)
    information requests to a target.
    In the security systems development life cycle (SecSDLC), the
    work products of each phase fall into the next phase to serve as waterfall
    its starting point, which is known as the ____ model.
    Vision statements are meant to be ____. ambitious
    The basic outcomes of information security governance should
    include risk management by executing appropriate measures to True
    manage and mitigate threats to information resources.

    2/3
    Management of Information Security Notes Chapter 2 -- Planning for Secu
    rity
    Study online at https://quizlet.com/_22u0pn
    ____ plans are used to organize the ongoing, day-to-day perfor-
    Operational
    mance of tasks.
    For any top-down approach to security implementation to suc-
    ceed, the initiative must have a(n) ____ with influence to move champion
    the project forward.
    In a(n) methodology, a problem is solved based on a structured
    True
    sequence of procedures.
    Organizations following the IDEAL Governance framework would
    determine where you are relative to where you want to be in the False
    evaluation phase.

    3/3

    You might also like