
Info Assurance 2 Midterm

This document contains a series of questions and answers about information security policies. It discusses the need for prudent policy setters to assess threats and assign levels of concern. It also addresses that technical measures can prevent unauthorized actions but not authorized ones. The final summary is that a security policy is a concise statement by senior management of information values, protection responsibilities, and organizational commitment.

Uploaded by Ochoa Bryan-san

© All Rights Reserved

Question 1

Mark 1.00 out of 1.00

In any particular circumstance, some threats are more probable than others, and a _____ must assess the threats, assign a level of concern to each, and state a policy in terms of which threats are to be resisted.

Answer: prudent policy setter

Question 2
Mark 1.00 out of 1.00

_____ may prevent people from doing unauthorized things but cannot prevent them from doing things that their job functions entitle them to do.

Answer: Technical measures

Question 3
Mark 1.00 out of 1.00

Computers are _____ entities, and programs can be changed in a twinkling, so that past happiness is no predictor of future bliss.

Answer: active

Question 4
Mark 1.00 out of 1.00

As viruses have escalated from a hypothetical to a commonplace threat, it has become necessary to rethink such policies in regard to methods of distribution and acquisition of _____.

Answer: software

Question 5
Mark 1.00 out of 1.00

To be useful, a _____ must not only state the security need (e.g., for confidentiality—that data shall be disclosed only to authorized individuals), but also address the range of circumstances under which that need must be met and the associated operating standards.

Answer: security policy

Question 6
Mark 1.00 out of 1.00

The framework within which an organization strives to meet its needs for information security is codified as _____.

Answer: security policy

Question 7
Mark 1.00 out of 1.00

Some _____ are explicitly concerned with protecting information and information systems, but the concept of management controls includes much more than a computer's specific role in enforcing security.

Answer: management controls

Question 8
Mark 1.00 out of 1.00

_____ are the mechanisms and techniques—administrative, procedural, and technical—that are instituted to implement a security policy.

Answer: Management controls

Question 9
Mark 1.00 out of 1.00

_____ are the mechanisms and techniques—administrative, procedural, and technical—that are instituted to implement a security policy.

Answer: Management controls

Question 10
Mark 1.00 out of 1.00

An effective _____ controls is needed to cover all aspects of information security, including physical security, classification of information, the means of recovering from breaches of security, and above all training to instill awareness and acceptance by people.

Answer: program of management

Question 11
Mark 1.00 out of 1.00

A major conclusion of this report is that the lack of a clear _____ of security policy for general computing is a major impediment to improved security in computer systems.

Answer: articulation

Question 12
Mark 1.00 out of 1.00

One can implement that policy by taking specific actions guided by management control principles and utilizing specific security standards, procedures, and _____.

Answer: mechanisms

Question 13
Mark 1.00 out of 1.00

The _____ must be managed by auditing, backup, and recovery procedures supported by general alertness and creative responses.

Answer: residual risk

Question 14
Mark 1.00 out of 1.00

An _____ must have administrative procedures in place to bring peculiar actions to the attention of someone who can legitimately inquire into the appropriateness of such actions, and that person must actually make the inquiry.

Answer: organization

Question 15
Mark 1.00 out of 1.00

A _____ is a concise statement, by those responsible for a system (e.g., senior management), of information values, protection responsibilities, and organizational commitment.

Answer: security policy

Question 1
Mark 1.00 out of 1.00

The weight given to each of the three major requirements describing needs for information security—confidentiality, integrity, and availability—depends strongly on _____.

Answer: circumstances

Question 2
Mark 1.00 out of 1.00

With _____ attacks, for example, even legitimate and honest users of an owner mechanism can be tricked into disclosing secret data.

Answer: Trojan horse

Question 3
Mark 1.00 out of 1.00

A _____ that must be restored within an hour after disruption represents, and requires, a more demanding set of policies and controls than does a similar system that need not be restored for two to three days.

Answer: system

Question 4
Mark 1.00 out of 1.00

Early disclosure may jeopardize _____ advantage, but disclosure just before the intended announcement may be insignificant.

Answer: competitive

Question 5
Mark 1.00 out of 1.00

_____ is a requirement whose purpose is to keep sensitive information from being disclosed to unauthorized recipients.

Answer: Confidentiality

Question 1
Mark 1.00 out of 1.00

The requirements for applications that are connected to _____ will differ from those for applications without such interconnection.

Answer: external systems

Question 2
Mark 1.00 out of 1.00

_____: controlling who gets to read information.

Answer: Confidentiality

Question 3
Mark 1.00 out of 1.00

For a _____, the chief concern may be ensuring the confidentiality of classified information, whereas a funds transfer system may require strong integrity controls.

Answer: national defense system

Question 4
Mark 1.00 out of 1.00

_____: assuring that authorized users have continued access to information and resources.

Answer: Availability

Question 5
Mark 1.00 out of 1.00

_____: assuring that information and programs are changed only in a specified and authorized manner.

Answer: Integrity
