Quiz #2 study guide IST-456
This 3 page Study Guide was uploaded by Matt Curtis on Tuesday February 17, 2015. The Study Guide belongs to IST-456 at Pennsylvania State University taught by Dr. Gerry Santoro in Spring2015. Since its upload, it has received 902 views.
Date Created: 02/17/15
IST 456
17 February 2015
Planning for Security & Contingencies Study Guide

1. Budgeting, resource allocation, and manpower are critical components of this plan:
   a. Strategic
   b. Operational
   c. Organizational
   d. Tactical

2. Operational plans are used by:
   a. Managers
   b. Security managers
   c. CISO
   d. CIO

3. This explicitly declares the business of the organization and its intended areas of operations:
   a. Vision statement
   b. Values statement
   c. Mission statement
   d. Business statement

4. Vision statements are meant to be:
   a. Probable
   b. Realistic
   c. Factual
   d. Ambitious

5. This must be addressed at the highest levels of an organization's management team in order to be effective and offer a sustainable approach:
   a. Information security objectives
   b. Information security plans
   c. Information security governance
   d. Information security practices

6. According to the Corporate Governance Task Force (CGTF), in order to build programs suited to their needs, organizations should do all but which of the following?
   a. Conduct an annual InfoSec evaluation
   b. Implement policies and procedures based on risk assessments
   c. Survey employees to determine their attitudes regarding security
   d. Create and execute a plan for remedial action to address deficiencies

7. This phase of the security systems development life cycle (SecSDLC) assesses the organization's readiness, its current systems status, and its capability to implement and then support the proposed systems:
   a. Physical design
   b. Implementation
   c. Investigation
   d. Analysis

8. This category of threat describes an act of human error or a failure:
   a. Piracy
   b. Accidents
   c. Blackmail or information disclosure
   d. Deliberate act of theft

9. Which of the following is an information security governance responsibility of the CISO?
   a. Communicates all policies and the program
   b. Translates the overall strategic security plan into tactical and operational plans
   c. Brief the board, customers, and the public
   d. Implement policy, report security vulnerabilities and breaches

10. This is a formal approach to solving a problem based on a structured sequence of procedures:
   a. Plan
   b. Methodology
   c. Program
   d. Control

11. This plan focuses on the immediate response to an incident:
   a. DR
   b. IR
   c. FR
   d. BC

12. This team collects information about information systems and the threats they face, and creates the contingency plans for incident response, disaster recovery, and business continuity:
   a. Incident response team
   b. Contingency planning management team
   c. Disaster recovery coordination team
   d. Business continuity planning team

13. Which of the following is a responsibility of the crisis management team?
   a. Restoring from backups
   b. Evaluating the monitoring capabilities
   c. Activating the alert roster
   d. Restoring the services and processes in use

14. The disaster recovery plan (DRP) is usually managed by the:
   a. CEO
   b. COO
   c. CISO
   d. IT community of interest

15. This is a fully configured computer facility that only needs the latest data backups and the personnel to function:
   a. Hot site
   b. Warm site
   c. Cold site
   d. Service Bureau

16. The responsibility for creating an organization's IR plan usually falls to the:
   a. CIO
   b. Network administrators
   c. Help desk
   d. CISO

17. The three categories of incident indicators identified by D.L. Pipkin are possible, probable, and:
   a. Likely
   b. Improbable
   c. Definite
   d. Unlikely

Answers PWHPP PPPL r tr tr tr tr t PPPquot H U bcgtcowwwcwcogtcogtc 16 H l