CSIS 340 MIDTERM EXAM – Studies in Information Security -QUESTIONS AND ANSWERS.

CSIS 340 MIDTERM EXAM – Studies in Information Security -QUESTIONS AND ANSWERS / CSIS 340 MIDTERM EXAM – Studies in Information Security -QUESTIONS AND ANSWERS. Which of the following is not a type of security control? The key to determining if a business will implement any policy is? _____ is a promise not to disclose to any third party information covered by the agreement. A _____ is a term that refers to a network that limits what and how computers are able to talk to each other. Which of the following are control objectives for PCI DSS? Which of the following does a policy change control board do? HOW IS RISK REDUCED IN THE LAN-TO-WAN DOMAIN? The Risk IT framework process model is built on which three domains? Security _____ are the technical implementations of the policies defined by the organization. What term relates to the number of layers and number of direct reports found in an organization? Monitoring should detect which of the following? Information used to open or access a bank account is generally considered? Policies are the key to repeatable behavior. To achieve repeatable behavior, you must measure both _____ and _____. Which of the following attempts to identify where sensitive data is currently stored? Policy acceptance challenges include? WHAT IS AN INFORMATION SECURITY POLICY? PCI DSS provides highly specific technology requirements for handling _____ data. _____ conduct periodic risk-based reviews of information resources security policies and procedures. Which of the following is a generally accepted and widely used policy framework? Which of the following is the first step in establishing an information security program? Well-defined and properly implemented security policies help the business in which of the following ways? The _____ principle recommended for industry best practice, is written in order to inform owners, providers, and users of information systems, and other parties of the existence and general context of policies, responsibilities, practices, procedures, and organization for security of information systems. _____ is an international governance and controls framework and a widely accepted standard for assessing, governing, and managing IT security and risks. The ______ shifts responsibility to the owner to operate a system when certification and accreditation is achieved. Using the steps in Kotter’s Eight-Step Change Model, what are the roles and responsibilities involved in the change process? WHICH OF THE FOLLOWING IS A PCIDSS NETWORK REQUIREMENT? _____ is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations? Many of the business benefits of Internet access over mobile devices include which of the following? Within the user domain, some of the ways in which risk can be mitigated include: awareness, enforcement, and ___________. Policies and procedures differ, because policies are _____ and procedures are _____. What is policy compliance? Overcoming the effects of apathy on security policies includes _____. Implementation and enforcement of policies is a challenge. The biggest hindrance to implementation of policies is the _______ factor. The _____ principle recommended for industry best practice, is written in order to consider everyone affected, including technical, administrative, organizational, operational, commercial, educational, and legal personnel. Devices and objects with built in _____________ are connected to an Internet of Things platform, which integrates data from the different devices and applies analytics to share the most valuable information with applications built to address specific needs. WHICH PERSONALITY TYPE OFTEN BREAKS THROUGH BARRIERS THAT PREVIOUSLY PREVENTED SUCCESS? So, in the following is not a key area of improvement noted after COBIT implementation? Which of the following is the best measure of success for a security policy? Security personnel need to be aware of policy and standards change requirements. Business drivers for policy and standards changes may include _____? When should a wireless security policy be initially written? The Seven Domains of a typical IT infrastructure include? You can get a basic understanding if individuals are being held accountable for adherence to security policies by examining these basic measurements. (CSIS 340 midterm exam) When a catastrophic security breach occurs, who is ultimately held accountable by regulators and the public? When building a policy framework, which of the following information systems factors should be considered? AMONG OTHER THINGS, SECURITY AWARENESS PROGRAMS MUST EMPHASIZE VALUE, CULTURE, AND _____. To achieve repeatable behavior of policies, you must measure both _____ and _____. The basic elements of motivation include pride, success, and __________. Which type of control is associated with responding to and fixing a security incident? Good security policies mitigate risk through? Generally, remote authentication provides which of the following?