1. Assurance is the process of examining a computer product or system with respect to certain criteria.
2. Problems with providing strong computer security involve only the design phase.
3. IT security management has evolved considerably over the last few decades due to the rise in risks to networked systems.
4. To ensure that a suitable level of security is maintained, management must follow up the implementation with an evaluation of the effectiveness of the security controls.
MULTIPLE CHOICE QUESTIONS
5. __________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
A. Availability
B. Privacy
C. System Integrity
D. Data Integrity
Answer
6. Security classes are referred to as __________.
A. security clearances
B. security classifications
C. security levels
D. security properties
Answer
7. __________ ensures that critical assets are sufficiently protected in a cost-effective manner.
A. IT control
B. IT security management
C. IT discipline
D. IT risk implementations
Answer
8. The intent of the ________ is to provide a clear overview of how an organization's IT infrastructure supports its overall business objectives.
A. risk register
B. corporate security policy
C. vulnerability source
D. threat assessment
Answer
9. Which of the following supports the defense-in-depth strategy?
A. Abstraction
B. Data Hiding
C. Layering
D. Encryption
Answer
10. The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.
A. Access
B. Asset management
C. Compliance
D. Business continuity management
Answer
11. Which of the following is not a security architecture framework?
A. Sherwood Applied Business Security Architecture (SABSA)
B. NIST Special publication 800-53
C. ISO 27001 & 27002
D. Open Web Application Security Project (OWASP)
Answer
12. Which security management framework is considered complementary to ISO 27001 & 27002?
A. SABSA
B. COBIT
C. NIST Special publication 800-53
D. OWASP
Answer
13. The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.
A. asset management
B. business continuity management
C. information security incident management
D. physical and environmental security
Answer
FILL-IN-THE-BLANK QUESTIONS
14. A loss of _________ is the disruption of access to or use of information or an information system.
Answer
15. A subject is said to have a security _________ of a given level.
Answer
16. ISO details a model process for managing information security that comprises the following steps: plan, do, ________, and act.
Answer
17. A _________ on an organization's IT systems identifies areas needing treatment.
Answer: Risk Assessment
Answer Table

True/False | Answer
1 |
2 |
3 |
4 |

Multiple Choice | Answer
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |

Short Answer | Answer
14 |
15 |
16 |
17 |
SHORT ANSWER QUESTIONS
18. Consider a desktop publishing system used to produce documents for various organizations. Give an example in which system availability is the most important requirement. Please be very brief.
Answer:
19. The necessity of the "no read up" rule for multilevel security is fairly obvious. What is the importance of the "no write down" rule?
Answer
20. List and briefly define the five alternatives for treating identified risks.
Answer: