logo image

HIMT 340 Exam 1

The ____ explicitly declares the business of the organization and its intended areas of operations.
mission statement
The ____ statement contains a formal set of organizational principles, standards, and qualities.
values statement
Which of the following is true?
Strategic plans are used to create tactical plans
____ plans are used to organize the ongoing, day-to-day performance of tasks.
Which of the following is NOT a significant benefit of information security governance?
All of these are benefits of information security governance
Which of the following is an information security governance responsibility of the organization’s employees?
Implement policy, report security vulnerabilities and breaches
The ____ plan focuses on restoring operations at the primary site.
In CP, an unexpected event is called a(n) ____.
Which of the following is a probable indicator of an actual incident?
Presence of new accounts
A document that contains contact information on the individuals to be notified in the event of an actual incident is called a(n) ____.
alert roster
A scripted set of instructions about an incident is known as a(n) ____.
alert message
A(n) ____ entails a detailed examination of the events that occurred from first detection to final recovery.
after-action review
Crisis management is designed to deal primarily with ____.
When a disaster threatens the viability of an organization at the primary site, the ____ is started.
business continuity process
A ____ is a fully configured computer facility that needs only the latest data backups and the personnel to function.
hot site
____ is the transfer of live transactions to an off-site facility.
remote journaling
____ is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task.
A simulation
The ____ layer is the outermost layer of the bull’s-eye model, hence the first to be assessed for marginal improvement.
____ comprise a set of rules that dictates acceptable and unacceptable behavior within an organization.
Which of the following is a type of information security policy that deals with the entirety of an organization’s information security efforts?
Enterprise information security policy
The ISSP should begin with a ____.
statement of purpose
Which of the following sections of the ISSP should provide instructions on how to report observed or suspected violations?
Violations of Policy
The two groups of SysSPs are managerial guidance and ____.
Technical specifications
Configuration codes entered into security systems to guide the execution of the system when information is passing through it are called ____.
configuration rules
Typically, the information security policy administrator is ____.
a mid-level staff member
A ____ specifies which subjects and objects users or groups can access.
capability table
For instance, if policy mandates that all employees wear identification badges in a clearly visible location, and select members of management decide they are not required to follow this policy, any actions taken against other employees will ____.
not withstand legal challenge
Which of the following is true about information security policy?
It must be able to stand up in court, if challenged
Which of the following variables is the most influential in determining how to structure an information security program?
Organizational culture
___ is the term used to describe the structure and organization of the effort that strives to contain the risks to the information assets of the organization.
information security program
A medium-sized organization has ____.
larger security needs than a small organization
n ____ organizations, the average amount spent on security per user is less than in any other type of organization.
very large
Which of the following functions needed to implement the information security program implements and oversees the use of controls to reduce risk?
risk management
In large organizations the information security department is often headed by the CISO who reports directly to the ____.
top computing executive or Chief Information Officer
_ are accountable for the day-to-day operation of the information security program.
security managers
Which of the following would be responsible for configuring firewalls and IDSs, implementing security software, and diagnosing and troubleshooting problems?
A security technician
The security education, training, and awareness (SETA) program is designed to ____ by/of members of the organization.
reduce the incidence of accidental security breaches
____ involves providing members of the organization with detailed information and hands-on instruction to enable them to perform their duties securely.
An outline of an information security blueprint is called a(n) ____.
The principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties is known as ____.
least prvilege
Controls that remedy a circumstance or mitigate damage done during an incident as called ____,
Controls that are structured and coordinated within a data classification scheme that rates each collection of information as well as each user are called ____.
mandatory access controls
____ specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle.
Security clearances
Question 44 (1 point)
Question 44 Saved

Under the Bell-LaPadula model, the ____ property prohibits a high-level subject from sending messages to a lower-level object. In short, subjects can read down and objects can write or append up.

star (*)
Under the Biba model, the ____ property permits a subject to have write access to an object only if the security level of the subject is equal to or higher than that of the object.
intergrity *
Which of the following is NOT a change control principle of the Clark-Wilson model?
No changes by authorized subjects without external validation
The ___ or Chinese Wall model is designed to prevent a conflict of interest between two parties.
Which of the following is NOT a purpose of the ISO/IEC 17799 (later 27002) standard?
All of these are correct
____ is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks. It enables clear policy development and good practice for IT control throughout organizations.
The cornerstone of the ISO/IEC 27001 standard is a set of processes known as the ____ cycle.

Need essay sample on "HIMT 340 Exam 1"? We will write a custom essay sample specifically for you for only $ 13.90/page

Can’t wait to take that assignment burden offyour shoulders?

Let us know what it is and we will show you how it can be done!
Sorry, but copying text is forbidden on this website. If you need this or any other sample, please register

Already on Businessays? Login here

No, thanks. I prefer suffering on my own
Sorry, but copying text is forbidden on this website. If you need this or any other sample register now and get a free access to all papers, carefully proofread and edited by our experts.
Sign in / Sign up
No, thanks. I prefer suffering on my own
Not quite the topic you need?
We would be happy to write it
Join and witness the magic
Service Open At All Times
Complete Buyer Protection
Plagiarism-Free Writing

Emily from Businessays

Hi there, would you like to get such a paper? How about receiving a customized one? Check it out https://goo.gl/chNgQy

We use cookies to give you the best experience possible. By continuing we’ll assume you’re on board with our cookie policy