Quiz #3 Study guide
Quiz #3 Study guide IST-456
This 3 page Study Guide was uploaded by Matt Curtis on Wednesday March 4, 2015. The Study Guide belongs to IST-456 at Pennsylvania State University taught by Dr. Gerry Santoro in Spring 2015. Since its upload, it has received 989 views.
Date Created: 03/04/15
IST 456, 4 March 2015
Security Policy & Developing the Security Program
Quiz 3 Study Guide

1. Policies must also specify the penalties for unacceptable behavior and define a(n):
   a. Appeals process
   b. Legal recourse
   c. Responsible managers
   d. Requirements for revision

2. This is a more detailed statement identifying a measurement of behavior and specifies what must be done to comply with a policy:
   a. Procedure
   b. Standard
   c. Guideline
   d. Practice

3. This type of security policy details targeted guidance to instruct all members of the organization in the use of technology-based systems:
   a. Issue-specific
   b. Enterprise information
   c. System-specific
   d. Information

4. The ISSP should begin with a:
   a. Description of authorized access
   b. Statement of purpose
   c. List of prohibited usage of equipment
   d. List of rules regarding the use of electronic documents

5. The two groups of SysSPs are managerial guidance and:
   a. Technical specifications
   b. Business guidance
   c. Network guidance
   d. User specifications

6. Capability tables are also known as:
   a. System policies
   b. User policies
   c. System profiles
   d. Account lists

7. These are used to control access to file storage systems, object brokers, or other network communication devices:
   a. EISPs
   b. ACLs
   c. ISSPs
   d. OIPs

8. The policy champion and manager, as defined by NIST SP 800-18, is called the:
   a. Policy developer
   b. Lead policy developer
   c. Policy enforcer
   d. Policy administrator

9. It is recommended that this approach to creating and managing ISSPs be used:
   a. Individual
   b. Secular
   c. Modular
   d. Comprehensive

10. Which of the following variables is the most influential in determining how to structure an information security program?
   a. Security capital budget
   b. Organizational size
   c. Security personnel budget
   d. Organizational culture

11. Small organizations spend an average of this percentage of their IT budget on security:
   a. 5
   b. 11
   c. 20
   d. 24

12. In this size organization, the average amount spent on security per user is less than in any other type of organization:
   a. Small
   b. Medium
   c. Large
   d. Very large

13. This person may also be called the manager of security:
   a. CEO
   b. CIO
   c. CISO
   d. Security watch master

14. Which of the following would be responsible for configuring firewalls and IDSs, implementing security software, and diagnosing and troubleshooting problems?
   a. Security technician
   b. Security analyst
   c. Security consultant
   d. Security manager

15. The security education, training, and awareness (SETA) program is designed to:
   a. Reduce the occurrence of external attacks
   b. Improve the operations
   c. Reduce the incidence of accidental security breaches
   d. Increase the efficiency

16. Training for this group may require the use of consultants or outside training organizations:
   a. General users
   b. Managers
   c. Technical users and IT staff
   d. All of these

17. Which of the following is a disadvantage of the one-on-one training method?
   a. May not be responsive to the needs of all the trainees
   b. Inflexible
   c. Content may not be customized to the needs of the organization
   d. Resource intensive to the point of being inefficient