Immediate determination of the scope of the breach of confidentiality, integrity, and availability of information and information assets is called
incident damage assessment
.
Which of the following sets the direction and scope of the security process and provide detailed instruction for its conduct group answer choices?
Managerial controls
set the direction and scope of the security process and provide detailed instructions for its conduct.
Which type of security policy sets the strategic direction scope and tone for an organization’s security efforts?
An enterprise information security policy (EISP)
—also known as a security program policy, general security policy, IT security policy, high-level information security policy or information security policy—sets the strategic direction, scope, and tone for all of an organization’s security efforts.
What are five key elements that a security policy should have in order to remain viable over time quizlet?
To remain viable, security policies must have a responsible manager,
a schedule of reviews, a method for making recommendations for reviews, and a policy issuance and revision date
.
What is the first phase in the development planning process quizlet?
The first phase in the development planning process is
to conduct a GAPS (goals, abilities, perceptions, standards) analysis
. A GAPS analysis helps leadership practitioners to gather and categorize all pertinent development planning information.
What are the three types of security policies?
- Organizational (or Master) Policy.
- System-specific Policy.
- Issue-specific Policy.
What is the purpose of an issue-specific security policy?
An issue-specific security policy, or ISSP for short, is developed by
an organization to outline the guidelines that govern the use of individual technologies in that organization
.
What is the most common failure of a security policy in an environment?
3) The most common failure of a security policy is
the lack of user awareness
. The most effective way of improving security is through user awareness.
Which of the following set the direction and scope of the security process and provide detailed?
Managerial controls
set the direction and scope of the security process and provide detailed instructions for its conduct.
What is the primary goal of writing an information security policy?
First state the purpose of the policy which may be to:
Create an overall approach to information security
. Detect and preempt information security breaches such as misuse of networks, data, applications, and computer systems. Maintain the reputation of the organization, and uphold ethical and legal responsibilities.
Is a strategy for the protection of information assets that uses multiple?
Defense in depth
is secure strategy used for the protection of information assets that employs the use of multiple layers and different types of controls to provide optimal protection. The phrase “defense in depth” is often associated with the field of cyber-security.
Which one of the following is a key element of an acceptable use policy?
An acceptable use policy usually:
Includes specific rules
, such as no video pirating. Outlines consequences for breaking the rules, such as warnings or suspension of access. Details an organization’s philosophy for granting access (for example, internet use is a privilege that can be revoked, rather than a right)
Which of the following defines security policy?
A security policy is a
written document in an organization outlining how to protect the organization from threats
, including computer security threats, and how to handle situations when they do occur. A security policy must identify all of a company’s assets as well as all the potential threats to those assets.
Which of the following are steps in the planning process quizlet?
Identify Objectives, Identify current arrangements, understand the premises
, identify alternatives, implement the plan.
Which of the following are steps in the planning process?
- Develop objectives.
- Develop tasks to meet those objectives.
- Determine resources needed to implement tasks.
- Create a timeline.
- Determine tracking and assessment method.
- Finalize plan.
- Distribute to all involved in the process.
Which of the following is an example of dysfunctional behavior?
Examples of Dysfunctional Behavior
A teenage couple that deals with conflict by not speaking to each other
.
A teenager with a dual-diagnosis who uses drugs to deal with their symptoms
rather than get treatment for the cause. A troubled teen who expresses anger by hitting others3.
