Studied by 16 people
Who is responsible for the determination of policies for a given system?
System owner
What five phases should be covered in an incident response policy?
Preparation, detection, containment and eradication, recovery, and follow-up actions
Generally, policies should be updated more frequently than the procedures that implement them. (T/F)
False
Which term refers to the step between the account having access and the account being removed from the system?
Account disablement
Guidelines are mandatory elements regarding the implementation of a policy. (T/F)
False
Which term describes a method to check the security of a system by simulating an attack by a malicious individual?
Penetration test
Which term generally refers to the standard of care a reasonable person is expected to exercise in all situations?
Due care
Which term generally refers to the standard of care a business is expected to exercise in preparation for a business transaction?
Due diligence
Which user type has virtually unlimited power over the system?
system administrator
Which term describes a legal document used to describe a bilateral agreement between parties regarding a set of intended actions between the parties with respect to some common pursuit or goal?
memorandum of understanding (MOU)
Which type of classification includes categories such as High, Medium, Low, Confidential, Private, and Public?
information classification
Which term describes a legal agreement between partners establishing the terms, conditions, and expectations of the relationship between the partners?
business partnership agreement (BPA)
Which term refers to ensuring each individual in the organization is supplied with only the absolute minimum amount of information and privileges they need to perform their work tasks?
need to know
Data requires a data owner. (T/F)
True
Which password best meets typical complexity requirements?
p@ssw0rD
Disabling an account is irreversible. (T/F)
False
Which term is used for people who have data responsibilities?
data owners
Which document lays out a uniform set of rules associated with partnerships to resolve any partnership terms?
Uniform Partnership Act (UPA)
What are the four steps that make up the policy lifecycle?
plan, implement, monitor, and evaluate
Which term describes a high-level statement produced by senior management that outlines both what security means to the organization and the organization's goals for security?
security policy
Maintaining proper information in security training records is a requirement of several laws and regulations. (T/F)
True
Which term refers to a contractual agreement detailing the expectations of the customer and the service provider?
service level agreement (SLA)
Which term is concerned with guaranteeing fundamental fairness, justice, and liberty in relation to an individual's legal rights?
due process
What step can be taken to evaluate the effectiveness of the security measures in place at an organization?
Perform a vulnerability assessment.
Password length is critical to password-based security. (T/F)
True
The purpose of change management is to ensure proper procedures are followed when modifications to the IT infrastructure are made. (T/F)
True
What is one leading cause of account hijacking?
improper use and/or control over passwords
Which term refers to a security principle employed in many organizations to ensure that no single individual has the ability to conduct transactions alone?
separation of duties
Before magnetic storage media (such as disks or tapes) is discarded in the trash or sold for salvage, it should have all files deleted and should be overwritten at least ________ times with all 1's, all 0's, and then random characters.
three
Nondisclosure agreements (NDAs) are frequently used to delineate the level and type of company secret information, and with whom it can be shared. (T/F)
True
