A(n) _________ is a document containing contact information for the people to be notified in the event of an incident.


A) emergency notification system
B) alert roster
C) phone list
D) call register

Some policies may also need a(n) sunset clause indicating their expiration date. _________________________

Many organizations have policies that prohibit the installation of _________________________ tools without the written permission of the CISO.

It is good practice for the policy _________________________ to solicit input both from technically adept information security experts and from business-focused managers in each community of interest when making revisions to security policies.

Security __________ are the areas of trust within which users can freely communicate.


A) perimeters
B) domains
C) rectangles
D) layers

__________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.


A) Networking
B) Proxy
C) Defense in depth
D) Best-effort

In 2016, NIST published a new Federal Master Cybersecurity Framework to create a mandatory framework for managing cybersecurity risk for the delivery of critical infrastructure services at every organization in the United States, based on vendor-specific technologies.

The security ____________________ is an outline or structure of the organization's overall information security strategy that is used as a road map for planned changes to its information security environment.

Computer ____________________ is the process of collecting, analyzing, and preserving computer-related evidence.

A cold site provides many of the same services and options of a hot site, but at a lower cost.

NIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans, and provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size.

One of the basic tenets of security architectures is the layered implementation of security, which is called defense in redundancy. _________________________

A(n) DR plan ensures that critical business functions continue if a catastrophic incident or disaster occurs. _________________________

The ISO/IEC 27000 series is derived from an earlier standard, BS7799.

An attack, breach of policy, or other incident always constitutes a violation of law, requiring notification of law enforcement.

Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards.


A) de formale
B) de public
C) de jure
D) de facto

When BS 7799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems?


A) The standard lacked the measurement precision associated with a technical standard.
B) It was not as complete as other frameworks.
C) The standard was hurriedly prepared, given the tremendous impact its adoption could have on industry information security controls.
D) The global information security community had already defined a justification for a code of practice, such as the one identified in ISO/IEC 17799.

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the __________ side of the organization.


A) technology
B) Internet
C) people
D) operational

A(n) ________ plan is a plan for the organization's intended strategic efforts over the next several years.


A) standard
B) operational
C) tactical
D) strategic

____________________-specific security policies often function as standards or procedures to be used when configuring or maintaining systems.
