Question 1

1 / 1 pts
Systems-specific security policies are organizational policies that provide detailed, targeted guidance to
instruct all members of the organization in the use of a resource, such as one of its processes or
technologies. _____

True

Correct!

False

Question 2
1 / 1 pts
The Computer Security Resource Center at NIST provides several useful documents free of charge in its
special publications area. _____
Correct!

True

False

Question 3
1 / 1 pts
One of the basic tenets of security architectures is the layered implementation of security, which is called
defense in redundancy. _____

True

Correct!

False

This study source was downloaded by 100000853856379 from CourseHero.com on 02-12-2024 13:10:31 GMT -06:00

https://www.coursehero.com/file/209336453/cs-q3docx/
Question 4
1 / 1 pts
The SETA program is a control measure designed to reduce the instances of _____ security breaches by
employees.

intentional

external
Correct!

accidental

physical

Question 5
1 / 1 pts
A(n) capability table specifies which subjects and objects users or groups can access. _____
Correct!

True

False

Question 6
0 / 1 pts
A(n) _____ control list is a specification of authorization that governs the rights and privileges of users to
a particular information asset.
You Answered
Access (ACL)

Correct Answers
access

Question 7

1 / 1 pts
_____ controls are information security safeguards that focus on the application of modern technologies,
systems, and processes to protect information assets.
Correct!
Technical

Correct Answers
Technical

Question 8
1 / 1 pts
The _____ of an organization are the intermediate states obtained to achieve progress toward a goal or
goals.
Correct!
objectives

Correct Answers
objectives

Question 9
1 / 1 pts
The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.
Correct!

True

False

Question 10
1 / 1 pts
Which of these is NOT a unique function of information security management?
Correct!

hardware

planning

policy

programs

Question 11
1 / 1 pts
The process of _____ governance is the executive management team’s responsibility to provide strategic
direction.
Correct!
corporate

Correct Answers
corporate

Question 12
1 / 1 pts
Some policies may also need a(n) sunset clause indicating their expiration date. _____
Correct!

True

False

Question 13
Not yet graded / 1 pts
Briefly describe management, operational, and technical controls, and explain when each would
be applied as part of a security framework.

Your Answer:

− Management controls set the direction and scope of the security processes and
provide detailed instructions for its conduct. Management also addresses the design
and implementation of planning processes and security program for it
− Operational controls address personnel security, physical security, and the
protection of production inputs/outputs. Operational controls deal
with the functionality of security in an organization, such as disaster recovery and
incident response planning. They control and guide the development
of education and training of personnel security.
− Technical controls are the tactical and technical implementations related to designing
and integrating security in the organization. These are the actual controls put in place to
implement security, including access control, identification, authentication, and
classification of assets and users.

Management controls cover security processes that are designed by strategic planners and implemented
by an organization’s security administration. These designs include setting the direction and scope of the
security processes and providing detailed instruction for their conduct.

Operational controls deal with the functionality of security in the organization, including disaster recovery
and incident response planning.

Technical controls address tactical and technical issues related to designing and implementing security in
the organization, as well as issues related to examining and selecting appropriate technologies for
protecting information.

Question 14
1 / 1 pts
Which of these is not one of the general categories of security policy?
Correct!

Category-specific policy (CSP)

Enterprise information security policy (EISP)

Issue-specific security policy (ISSP)

Systems-specific policy (SysSP)

Question 15
1 / 1 pts

An information security _____ is a specification of a model to be followed during the design, selection,
and initial and ongoing implementation of all subsequent security controls, including information security
policies, security education, and training.

plan
Correct!

framework

model

policy

Question 16
1 / 1 pts
The stated purpose of ISO/IEC 27002 is to offer guidelines and voluntary directions for information
security management. _____
Correct!

True

False

Question 17
1 / 1 pts
Managerial controls set the direction and scope of the security process and provide detailed instructions
for its conduct.
Correct!

True

False

Question 18
1 / 1 pts
NIST 800-14's Principles for Securing Information Technology Systems can be used to make sure the
needed key elements of a successful effort are factored into the design of an information security program
and to produce a blueprint for an effective security architecture.
Correct!

True

False

Question 19
1 / 1 pts
Some policies may need a(n) _____ indicating their expiration date.
Correct!
sunset clause

Correct Answers
sunset clause

Question 20
1 / 1 pts
A security policy should begin with a clear statement of purpose. _____
Correct!

True

False

Question 21
1 / 1 pts

A(n) _____ plan is used to plan for the organization’s intended efforts on a day-to-day basis for the next
several months.
Correct!
operational

Correct Answers
operational

Question 22
1 / 1 pts
It is good practice for the policy _____ to solicit input both from technically adept information security
experts and from business-focused managers in each community of interest when making revisions to
security policies.
Correct!
administrator

Correct Answers
administrator

Question 23
Not yet graded / 1 pts
What three purposes does the ISSP serve?
Your Answer:
1. Addresses specific areas of technology
2. Requires frequent updates
3. Contains a statement on the organization’s position on a specific issue
The issue-specific security policy, or ISSP, 1) addresses specific areas of technology, 2) requires frequent
updates, and 3) contains a statement about the organization’s position on a specific issue.

Question 24
1 / 1 pts
Failure to develop an information security system based on the organization’s mission, vision, and culture
guarantees the failure of the information security program.
Correct!

True

False

Question 25
1 / 1 pts
Standards may be published, scrutinized, and ratified by a group, as in formal or _____ standards.

de formale

de public
Correct!

de jure

de facto
