Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
10 Cards in this Set
- Front
- Back
|
The security planning process must define how security will be managed, who will be responsible, and
A. Who practices are reasonable and prudent for the enterprise. B. Who will work in the security department. C. What impact security will have on the intrinsic value of data. D. How security measures will be tested for effectiveness. |
How security measures will be tested for effectiveness.
|
|
|
Information security is the protection of data. Information will be protected mainly based on:
A. Its sensitivity to the company. B. Its confidentiality. C. Its value. D. All of the choices. |
All of the choices
|
|
|
Organizations develop change control procedures to ensure that
A. All changes are authorized, tested, and recorded. B. Changes are controlled by the Policy Control Board (PCB). C. All changes are requested, scheduled, and completed on time. D. Management is advised of changes made to systems. |
All changes are authorized, tested, and recorded.
|
|
|
Within the organizational environment, the security function should report to an organizational level that
A. Has information technology oversight. B. Has autonomy from other levels. C. Is an external operation. D. Provides the internal audit function. |
Has autonomy from other levels.
|
|
|
What is the MAIN purpose of a change control/management system?
A. Notify all interested parties of the completion of the change. B. Ensure that the change meets user specifications. C. Document the change for audit and management review. D. Ensure the orderly processing of a change request. |
Document the change for audit and management review.
|
|
|
Which of the following is most relevant to determining the maximum effective cost of access control?
A. the value of information that is protected B. management's perceptions regarding data importance C. budget planning related to base versus incremental spending. D. the cost to replace lost data |
the value of information that is protected
|
|
|
Which one of the following is the MAIN goal of a security awareness program when addressing senior management?
A. Provide a vehicle for communicating security procedures. B. Provide a clear understanding of potential risk and exposure. C. Provide a forum for disclosing exposure and risk analysis. D. Provide a forum to communicate user responsibilities. |
Provide a forum to communicate user responsibilities.
|
|
|
In developing a security awareness program, it is MOST important to
A. Understand the corporate culture and how it will affect security. B. Understand employees preferences for information security. C. Know what security awareness products are available. D. Identify weakness in line management support. |
Understand the corporate culture and how it will affect security.
|
|
|
Which of the following would be best suited to provide information during a review of the controls over the process of defining IT
service levels? A. Systems programmer B. Legal stuff C. Business unit manager D. Programmer |
Business unit manager
|
|
|
Which of the following best explains why computerized information systems frequently fail to meet the needs of users?
A. Inadequate quality assurance (QA) tools B. Constantly changing user needs C. Inadequate user participation in defining the system's requirements D. Inadequate project management. |
Inadequate user participation in defining the system's requirements
|
