Related Essays

  • Information Security Program

    Risk management is the process of identifying the risk, represented in vulnerabilities and threats, to an organization’s information assets, and taking neces...

  • Three IT Risk Management Plan

    Risk is the uncertainty of an event or condition with the potential to cause a negative or positive effect (Watt, n.d.). Risk management is the identificatio...

  • Meggitt Plc Case Study

    3.5. Risk Management Schmit and Roth (1990) assert that the basic concept that aims to reduce the negative effects of uncertainties with respect to losses i...

  • Risk Management Case Study

    1.7.3 Risk Management ( Abdul Rasid, Golshan, Ismail & Ahmad, 2012) defined risk management, it involves managing to achieve a proper balance between realiz...

  • Vulnerabilities And Threats

    C Analyze risks Identifying the mechanism that deal with the recognized risks and measure their strength. Based on this assessment, considering the risks...

  • Argos Case Study

    Risk Management: Risk Management is a methodology for distinguishing, evaluating, and prioritizing risk of various types. When the risks are distinguished, t...

  • Risk Management: Business Analysis

    Risk management is the process of identifying risk, assessing risks, and taking numerous steps to reduce risks to a comfortable level (Snedaker, 2014). Perf...

  • Risk Analysis And Risk Management

    Risk management can be done by: (1) developing and implementing a risk management plan, (2) implementing security measures, and (3) evaluating and maintainin...

  • Perform Qualitative Risk Analysis: Project Life Cycle

    The purpose of performing the qualitative risk analysis is to take the risks and rank them from low to high depending on the chances of the risk occurring. T...

  • Cyber Security Threats

    For many employees in an organization, security processes may be a new domain, they may struggle with understanding and therefore employing. Security teams h...

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/19

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

19 Cards in this Set

  • Front
  • Back
Which of the following choices is not part of a security policy?
descripotion of specific technologies used in the field of information security grgulations.
Which of the following would be the first step in establishing an information security programme?
adoption of a corporate information security policy statemet
An effective information security policy should not have which of the following characteristics?
be designed with a short-to mid-term focus
What is the difference between advisory and regulatory security?
Advisory policies provide recommendations.
What can best be defined as high-level statements, beliefs, goals, and objectives?
policies
A deviation or exception from a security standard requirs which of the following?
risk containment
Why would an information security policy require that communications test equipment be controlled?
The equipment can be used to browse information passing on a network.
Step-by-step instructions used to satisfy control requirements are called a
procedure
Which of the following embodies all the detailed actions that personnel are required to follow?
procedures
Which of the following would be defined as an absence or weadness of a safeguard that could be exploited?
a vulnerability
Within IT security, which of the following combinations best defines risk?
threat coupled with a vulnerability
IT security measures should
be tailored to meet organizational security goals.
Which of the following should not be addressed by employee termination practices?
employee bonding to protect against losses due to theft
What would best define risk management?
the process of assessing the risks
Controls are implemented to
mitigate risk and reduce the potential for loss.
Which of the following is an advantage of a qualitative over a quantitative risk analysis?
It prioritizes the risk and identifies areas for immediate improvement in addressing the vulnerabilities.
What can be defined as an event that could cause harm to the information systems?
a threat
One purpose of a security awareness program is to modify
attitudes of employees with sensitive data.
Which of the following should be given technical security training?
IT support personnel and system administrators