Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
7 Cards in this Set
- Front
- Back
|
All of the following are basic components of a security policy EXCEPT the:
A) definition of the issue and the statement of relevant terms B) statement of roles and reponsibilities C) statement of applicability and compliance requirements D) statement of performance of characteristics and requirements |
D) statement of performance of characteristics and requirements
|
|
|
A security Policy would include all of the follow EXCEPT:
A) background B) Scope Statement C) Audit Requirements D) Enforcement |
B) Scope statement
|
|
|
Which one of the following is an important characteristic of an information security policy?
A) Identifies major functional areas of information B) Quantifies the effect of the loss of information C) Requires the identification of information owners D) Lists applications that support the business function |
A) Identifies major functional areas of Information.
Information security policies are high-level plans that describe the goals of the procedures. Polices are not guidelines or standards, nor are they procedure or controls. Policies describe security in general terms, not specifics. |
|
|
Ensuring the integrity of business information is the PRIMARY concern of:
A) Encryption Security B) Procedural Security C) Logical Security D) On-line Security |
B) Procedural Security
Procedures are looked at as the lowest level in the policy chain because they are the closet to the computer sand provide detailed steps for configuration and installation issues. |
|
|
Which of the following would be the first step in establishing an information security program?
A) Adoption of a corporate information security policy statement B) Development and implementation of an information security standards Manual C) Development of a security awareness-training program D) Purcahse of a security access control software |
A) Adoption of a coporate information security policy statement.
|
|
|
Which of ht efollowing department managers would be best suited to oversee the development of an information security policy?
A) Information Systems B) Human Resources C) Business operations D) Security Administration |
C) Business Operations
|
|
|
What is the function of a corporate information security policy?
A) Issue corporate standard to be used when addressing specific security problems B) issue guidelines in selecting equipment, configuration, design, and secure operations. C) Define the specific assets to be protected and identify the specific tasks which must be completed to secure them. D) Define the main security objectives which must be achieved and the security framework to meet business objectives. |
D) Define the main security objectives which must be achieved and the security framework to meet business objectives.
Information security policies are high-level plans that describe the goals of the provedures or control. Policies describe security in general, not specifics. They provide the blueprint for an overall security program just as a specification defines your next product. |
