ch1
Transcript of ch1
MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

1) Which of the following is NOT a state in which information exists?
A) Transmitted
B) Stored
C) Processed
D) Factored
2) Why is it important to consistently enforce policy, and not "go easy on someone"?
A) The organization's overall welfare is far more important than the individual's
B) Policies should never be broken
C) Playing favorites creates resentment
D) It is easier to defend in court
3) Which of the following is LEAST likely to lead to employees accepting and following policy?
A) Introduce policies through a training program
B) Seek input from the organization when developing policies
C) Consistently enforce policies
D) Make policy compliance part of the job descriptions
4) Why is it important to prepare written policies?
A) A policy is part of the corporate culture
B) So that policies can be communicated more easily
C) This helps to ensure consistency
D) It is required by law
5) Why is it important for leadership to set a tone of compliance with policy?
A) Managers are often the worst offenders
B) They are the ones that write the policies
C) The rest of the organization feels better about following the rules
D) It is part of their job
6) When should information security policies, procedures, standards, and guidelines be revisited?
A) Never; once written and published, they must be adhered to
B) Annually
C) As indicated in the policy
D) When dictated by change drivers
7) Which is the best way to foster acceptance of a new policy?
A) Hold meetings to explain it
B) Ensure it is detailed enough that everyone will understand it
C) Involve people in policy development by conducting interviews
D) Give everyone a copy of the policy after it is written
8) Which is a two-wall challenge?
A) When two policies conflict with each other
B) Lack of awareness, and the lack of awareness about the lack of awareness
C) Screened-subnet firewall
D) Requiring security badges at both doors to a room
9) Which is the preferred approach to organizing information security policies, procedures, standards, and guidelines?
A) Keep standards and guidelines separate from the policy document
B) Combine the procedures, standards, and guidelines
C) Combine policies and procedures
D) Keep them all separate
10) Why do we need the Gramm-Leach-Bliley Act (GLBA)?
A) Healthcare organizations must safeguard private health care information from disclosure
B) The banks possess … identifiable … regard to any customer (partly illegible in source)
C) Businesses need expert advice to achieve and sustain compliance
D) It protects banks from lawsuits due to a lack of fair treatment of employees
11) What should be the consequences of information security policy violations?
A) Immediate revocation of all user privileges
B) Commensurate with the criticality of the information the policy was written to protect
C) Always up to, and including, termination
D) Violations should be cited in the person's annual performance review
12) Leadership by setting the example, or "do as I do", is considered:
A) Should only be employed when information security policies are new
B) The most effective leadership style, especially in relation to information security
C) The same as "management by walking around"
D) Ineffective in a high-tech company
13) Why is it important to remind people about best practice information security behaviors?
A) It reinforces their knowledge, and helps them better understand expectations
B) [illegible in source]
C) This approach is a mandatory requirement of information security policies
D) Reminders are the least expensive way to ensure compliance with policies
14) Which is the worst that may happen if information security policies are out of date, or address technologies no longer used in the organization?
A) Executive management may become upset
B) The company may incur unnecessary costs to change them
C) People may not know which policy applies
D) People may take the policies less seriously, or dismiss them entirely
15) Which is the best goal for a new policy?
A) Accepted by management, and understood by everyone
B) … the current technology environment (start of option illegible in source)
C) Secure and protect assets from foreseeable harm, and provide flexibility for the unforeseen
D) Comply with applicable government policy
16) Which part of the U.S. Constitution is analogous to the first approved version of a new information security policy?
A) Articles
B) The Torah
C) Amendments
D) The Bill of Rights
17) In what way are the Torah and the U.S. Constitution like information security policies?
A) The role of government in our daily lives
B) They serve as rules to guide behavior in support of organizational goals
C) They include business rules
D) They contain articles and amendments
18) What issue is addressed by both the Bible and corporate policies?
A) We may adopt common behaviors and choices that make the overall group stable
B) Stealing … (rest of option illegible in source)
C) The behavior of people in power
D) People tend to forget things if they are not periodically reminded of their obligations
SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question.

19) An information security ________ exists when users share account names and passwords with each other.

20) An organization which does not enforce policy is said to have ________ policies.

21) The ________ are either elected or chosen to direct the affairs of a corporation, and are responsible for providing oversight of the information security program.

22) According to HIPAA, private health care information must remain protected from damage, misuse, and ________.

23) The U.S. Constitution's ________ are the built-in framework that makes it possible to change the document, while still adhering to its original intent.
24) Match each information security role (function) with its responsibilities to the right:
I. Board of Directors      A. Ensure that information security controls are functioning as intended
II. Information Owner      B. Approve written information security policies
III. Data Custodian        C. Establish the controls that provide information security
IV. ISO                    D. Process and store information
V. Internal Auditor        E. Administer the
25) Match the following terms to their meanings:
I. Foreign Policy          A. Policy adopted by society through legislative means to govern its people
II. Law                    B. Civil or criminal; imposed for violations
III. Policy Area           C. A general topic, which relates to specific behavior and expectations
IV. Penalty                D. Standards for public and private education
V. Education Policy        E. Ways and means for one nation to deal with another
ANSWER KEY.

1) D
2) A
3) D
4) C
5) C
6) D
7) C
8) B
9) A
10) B
11) B
12) B
13) B
14) D
15) C
16) A
17) B
18) A
19) gap
20) paper only
21) Board of Directors
22) disclosure
23) amendments
24) I-B, II-C, III-D, IV-E, V-A
25) I-E, II-A, III-C, IV-B, V-D