Information Security Management 1

01: According to your textbook which of the following is NOT part of risk analysis:

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

___ Determine how likely each risk is to occur

___ Identify any risks to assets

___ Implement an acceptable use policy

___ Determine the value of assets

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

02: A risk is defined as:

___ A weakness in a system

___ A potential for exploit of a weakness in a system

___ The existence of a weakness in a system and the potential for an exploit

___ An attempted security attack

03: If a manager obtains insurance for damage to an asset, this is called risk transference:

___ True

___ False

04: Managers should declare financial statements about asset values:

___ True___ False

05: A principle that a single person should not have authority to execute a critical task is called:

___ Access control

___ Separation of duties (or privileges)

___ Discretionary control

___ Confidentiality

06: Unauthorized alteration of information is a breach of:

___ Confidentiality

___ Integrity

___ Availability

___Protocol

07: Of the two types of attackers, which has the potential to do the most damage?

___ Malicious Outsiders

___ Non-Malicious Insiders

___ Non-Malicious Outsiders

___ Malicious Insiders

08: When controlling information such that only those who get the information are those who require it to do their job is called on a “need to know” basis:

___ True___ False

09: Planning to have a “hot site” to restart operations in the case of a fatal incident is part of having a:

___ Risk Assessment Plan

___ Disaster Recovery Plan

___ Vulnerability Assessment Plan

___ Business Continuity Plan

10: Planning for a “co-location” to continue business as usual in the case of an incident that disrupts operations at one site is part of having a:

___ Risk Assessment Plan___ Disaster Recovery Plan___ Vulnerability Assessment Plan___ Business Continuity Plan 

11:  SLE represents:

___ The proportion of assets that would be destroyed by a risk

___ Damage to an asset each time a risk would incur in a year

___ Number of times a risk may occur in a year

___ Damage to an asset incurred cumulatively for each year of the asset’s lifetime

12: Privilege creep means:

___ An administrator gives him or herself the ability to examine private accounts

___ An attacker uses a rootkit to escalate privileges to execute system functions

___ When someone changes roles, they accrue both old and new privileges even if they are not needed

___ When a user logs in as a normal user, the executes an “su” to become a superuser

13: The four choices that managers have when managing risks are, (1) risk avoidance, (2) risk prosecution, (3) risk acceptance, (4) risk transference.

___ True___ False

14:  The encryption algorithm AES avoids security through obscurity:

___ True___ False

15:  A security policy is a written document only:

___ True___ False

16: Even though very simplistic, security “checklists” such as the ISO 27000: 27001/27002 (17799) – also known as the ISO 27000 (or ISO27K) family of standards is useful for security auditing in preparation for or as part of a security certification:

___ True___ False  

17: Conducting background checks on employees is illegal in the United States:

___ True___ False

18: Least privilege means allocating only the minimum set of privileges required to perform a job function:

___ True___ False

Short Essay:

19:  Give a brief explanation of the differences between risk assessment and risk management. Give as an example the name of at least one standard or framework that is used for each one:

 

20:  Briefly describe what responsibilities managers have in terms of security. In this description, note that managers in this context are not security officers or officers of a company and do NOT have fiduciary responsibilities. In other words, what are minimum security standards managers must adhere to regardless of their position?

Still stressed with your coursework?
Get quality coursework help from an expert!