49 Cards in this Set
| Front | Back |
|---|---|
| Who should routinely check on the controls and effectiveness of information security? | Internal auditors, or CIO |
| What is the most critical step in performing an information security audit? | Establishing a criteria |
| What is the ultimate goal of systems managers in providing information security? | To harden them |
| What should systems managers do to ensure that periodic software modifications don’t create information security problems? | Change management process |
| How can administrators ensure that databases are secure, available, and resilient? | Back it up |
| What kind of network can be used instead of or in conjunction with the internet, to provide better information security within an organization? | VPN (Virtual private network) |
| What is the biggest information security threat created by the use of electronic social networks such as Facebook? | Identity theft |
| When is emergency response conducted? | When there is an emergency |
| What is the term used for an extreme disaster? | catastrophe |
| During a crisis, where do emergency response teams (ERTs) gather to execute the emergency response plan (ERP)? | EOC (Emergency Operations Center) |
| Who is overall in charge of implementing the emergency response plan? | Incident Commander |
| Who is responsible for notification and dispensing necessary information to appropriate individuals and organizations during a crisis? | Single Point of Contact |
| Which federal agency, part of the US Department of Homeland Security, is responsible for disaster mitigation and response? | FEMA (Federal Emergency Management Agency) |
| What is the name of the federal plan that establishes a national framework to coordinate federal, state, local, and non-governmental entities during crises? | NIMS (National Incident Management System) |
| How important is coordination with external agencies, if Business Continuity Management is to be successful? | Essential |
| During which of the 7 phases of emergency management should relationship building with external agencies be conducted? | All of them |
| What is often the best time for an organization to work with external agencies to improve emergency response planning? | Immediately (ASAP) |
| What is the most important benefit that response agencies gain from coordinating with private sector organizations? | information |
| To what extent should an organization’s Business Continuity Plan be compliant with the National Incident Management System? | As much as possible |
| What is the name of local volunteer groups nationwide who assist emergency management personnel before, during, and after disasters? | Community Emergency Response Team (CERT) |
| Which organization is historically the most effective NGO in assisting with disaster response and recovery operations? | Red Cross |
| What is the relationship between the business continuity plan (BCP) and the business impact analysis (BIA)? | Integrated |
| Which BCP team is responsible for the immediate reaction to a crisis? | Emergency Response Team |
| Which BCP team has overall responsibility for dealing with a major crisis? | Crisis Management Team |
| In a crisis, which department coordinates with the organization’s insurers? | Finance Department |
| During a disaster, which department maintains contact with clients and prospective customers? | Marketing Department |
| In a crisis, which department implements the use of alternate computer sites? | Information Technology Department (IT) |
| In a crisis, which department stays in contact with all employees? | Human Resources (HR) |
| Why should a crisis communication plan have a single point of contact for information provided to the media? | Avoid confusion (conflicting reports) |
| In dealing with the media, how detailed should responses be? | Simple |
| In dealing with the media, what is the role of honesty? Placing blame? | Always be honest, NEVER place blame |
| In dealing with the media, when should questions be avoided? When should “no comment” be the spokesperson’s response? | NEVER avoid questions, NEVER use “no comment” |
| When should matters be discussed “off the record”? | NEVER |
| What is the biggest problem in using electronic networks to maintain crisis communications? | Power Goes Down |
| What is the most important new electronic network tool available for use in crisis communications? | Social Media |
| What is the degree of reliability of most information received by crisis management personnel during an emergency? | Bad |
| Post-crisis analysis of data collected during a crisis can help identify what items of value? | Trends or Patterns (Commonalities) |
| Crisis management personnel use a crisis information management system to analyze the totality of the event. This enables emergency staff to maintain what kind of awareness? | Situational Awareness |
| A crisis information management system can enhance a community’s disaster preparedness by providing what kind of information before and during an emergency? | Early Warning |
| One type of recovery tool is a database that matches sources of humanitarian aid with WHAT? | Needs |
| A modern development is to collect data about a crisis by soliciting inputs from people at the scene of the disaster. What is the name of this technique? | Crowd Sourcing |
| What is the biggest challenge/potential problem with crisis information collected from unknown sources? | Can't rely on it |
| Which employees should be made aware of the organization’s business continuity management plan? | All of them |
| What is the role of senior management in achieving an organization’s goals in business continuity management? | Provide full support |
| What is the most important benefit that can result from testing and exercising a business continuity management plan? | Finding flaws |
| Which of the different types of plan exercises is the most commonly conducted? | Tabletops |
| How often should a business continuity plan exercise be conducted? | Annually |
| Normally what should an organization’s employees be told about an upcoming business continuity plan exercise? | Know day & time |
| When should an organization’s business continuity plan be updated? | Continuously |