The ____ explicitly declares the business of the organization and its intended areas of operations.
The ____ statement contains a formal set of organizational principles, standards, and qualities.
Which of the following is true?
Strategic plans are used to create tactical plans
____ plans are used to organize the ongoing, day-to-day performance of tasks.
Which of the following is NOT a significant benefit of information security governance?
All of these are benefits of information security governance
Which of the following is an information security governance responsibility of the organization’s employees?
Implement policy, report security vulnerabilities and breaches
The ____ plan focuses on restoring operations at the primary site.
In CP, an unexpected event is called a(n) ____.
Which of the following is a probable indicator of an actual incident?
Presence of new accounts
A document that contains contact information on the individuals to be notified in the event of an actual incident is called a(n) ____.
A scripted set of instructions about an incident is known as a(n) ____.
A(n) ____ entails a detailed examination of the events that occurred from first detection to final recovery.
Crisis management is designed to deal primarily with ____.
When a disaster threatens the viability of an organization at the primary site, the ____ is started.
business continuity process
A ____ is a fully configured computer facility that needs only the latest data backups and the personnel to function.
____ is the transfer of live transactions to an off-site facility.
____ is a method of testing contingency plans in which each involved person works individually to simulate the performance of each task.
The ____ layer is the outermost layer of the bull’s-eye model, hence the first to be assessed for marginal improvement.
____ comprise a set of rules that dictates acceptable and unacceptable behavior within an organization.
Which of the following is a type of information security policy that deals with the entirety of an organization’s information security efforts?
Enterprise information security policy
The ISSP should begin with a ____.
statement of purpose
Which of the following sections of the ISSP should provide instructions on how to report observed or suspected violations?
Violations of Policy
The two groups of SysSPs are managerial guidance and ____.
Configuration codes entered into security systems to guide the execution of the system when information is passing through it are called ____.
Typically, the information security policy administrator is ____.
a mid-level staff member
A ____ specifies which subjects and objects users or groups can access.
For instance, if policy mandates that all employees wear identification badges in a clearly visible location, and select members of management decide they are not required to follow this policy, any actions taken against other employees will ____.
not withstand legal challenge
Which of the following is true about information security policy?
It must be able to stand up in court, if challenged
Which of the following variables is the most influential in determining how to structure an information security program?
____ is the term used to describe the structure and organization of the effort that strives to contain the risks to the information assets of the organization.
information security program
A medium-sized organization has ____.
larger security needs than a small organization
In ____ organizations, the average amount spent on security per user is less than in any other type of organization.
Which of the following functions needed to implement the information security program implements and oversees the use of controls to reduce risk?
In large organizations the information security department is often headed by the CISO who reports directly to the ____.
top computing executive or Chief Information Officer
____ are accountable for the day-to-day operation of the information security program.
Which of the following would be responsible for configuring firewalls and IDSs, implementing security software, and diagnosing and troubleshooting problems?
A security technician
The security education, training, and awareness (SETA) program is designed to ____ by/of members of the organization.
reduce the incidence of accidental security breaches
____ involves providing members of the organization with detailed information and hands-on instruction to enable them to perform their duties securely.
An outline of an information security blueprint is called a(n) ____.
The principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties is known as ____.
Controls that remedy a circumstance or mitigate damage done during an incident are called ____.
Controls that are structured and coordinated within a data classification scheme that rates each collection of information as well as each user are called ____.
mandatory access controls
____ specifies the authorization classification of an information asset that an individual user is permitted to access, subject to the need-to-know principle.
Under the Bell-LaPadula model, the ____ property prohibits a high-level subject from sending messages to a lower-level object. In short, subjects can read down and objects can write or append up.
Under the Biba model, the ____ property permits a subject to have write access to an object only if the security level of the subject is equal to or higher than that of the object.
Which of the following is NOT a change control principle of the Clark-Wilson model?
No changes by authorized subjects without external validation
The ____ or Chinese Wall model is designed to prevent a conflict of interest between two parties.
Which of the following is NOT a purpose of the ISO/IEC 17799 (later 27002) standard?
All of these are correct
____ is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks. It enables clear policy development and good practice for IT control throughout organizations.
The cornerstone of the ISO/IEC 27001 standard is a set of processes known as the ____ cycle.