In order to demonstrate support for security, top management must ________.
follow security procedures themselves
ensure that security has an adequate budget
support security when there are conflicts between the needs of security and the needs of other business functions
(all)
________ specifically addresses data protection requirements at financial institutions.
GLBA (Gramm-Leach-Bliley Act): A law that requires financial institutions to protect customers' private information and disclose how they share it.
In FISMA, ________ is done internally by the organization.
Both certification and accreditation
The goal of IT security is reasonable risk reduction.
True, reasonable risk reduction
Strong security can be an enabler, allowing a company to do things it could not do otherwise.
True, it builds trust, improves efficiency and opens new opportunities to secure new technologies and business ideas.
A benefit of using MSSPs is that they provide ________.
cost savings and independence
Which companies do PCI-DSS affect?
companies that accept credit card payments
To outsource some security functions, a firm can use an MISP.
False. MISP (Malware Information Sharing Platform) is not designed for outsourcing security functions. Instead, MISP is an open-source platform used for sharing, storing, and analyzing threat intelligence, such as malware indicators, to enhance cybersecurity defenses.
The first step in developing an IT security plan is to ________.
assess the current state of the company's security
assess
define
identify
conduct risk assessment
develop policies
implement
The stage of the plan-protect response cycle that consumes the most time is ________.
Protection
In the plan-protect-response cycle, the protection stage typically consumes the most time because it involves implementing and maintaining security measures to safeguard systems and data.
What is missing from the definition of response as "recovery"?
The phrase "according to plan" must be added to "recovery."
Which of the following is a formal process?
Both annual corporate planning and planning and developing individual countermeasures
After performing a preliminary security assessment, a company should develop a remediation plan for EVERY security gap identified.
True
Once a company's resources are enumerated, the next step is to ________.
classify them according to sensitivity
What type of organization is subject to FISMA?
government organizations
FISMA mandates that federal agencies implement comprehensive information security programs to protect government data and operations. It also applies to contractors and other entities working with federal agencies, ensuring they adhere to the same security standards.
Planning, protection, and response follow a fairly strict sequence from one stage to another.
False.
Planning, protection, and response do not follow a strict sequence; instead, they often overlap and interact dynamically.
Many compliance regimes require firms to adopt specific formal governance frameworks to drive security planning and operational management.
True
Many compliance regimes mandate that organizations adopt formal governance frameworks to guide their security planning and operational management. These frameworks ensure that security measures are systematically implemented, monitored, and aligned with regulatory requirements. They help organizations maintain compliance, protect sensitive data, and manage risks effectively. Examples of such frameworks include ISO 27001 and NIST Cybersecurity Framework.
The manager of the security department often is called ________.
Either the chief security officer (CSO) or the chief information security officer (CISO)
________ examines financial processes for efficiency, effectiveness, and adequate controls.
Financial auditing