Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key


Play button


Play button




Click to flip

19 Cards in this Set

  • Front
  • Back
Which of the following choices is not part of a security policy?
descripotion of specific technologies used in the field of information security grgulations.
Which of the following would be the first step in establishing an information security programme?
adoption of a corporate information security policy statemet
An effective information security policy should not have which of the following characteristics?
be designed with a short-to mid-term focus
What is the difference between advisory and regulatory security?
Advisory policies provide recommendations.
What can best be defined as high-level statements, beliefs, goals, and objectives?
A deviation or exception from a security standard requirs which of the following?
risk containment
Why would an information security policy require that communications test equipment be controlled?
The equipment can be used to browse information passing on a network.
Step-by-step instructions used to satisfy control requirements are called a
Which of the following embodies all the detailed actions that personnel are required to follow?
Which of the following would be defined as an absence or weadness of a safeguard that could be exploited?
a vulnerability
Within IT security, which of the following combinations best defines risk?
threat coupled with a vulnerability
IT security measures should
be tailored to meet organizational security goals.
Which of the following should not be addressed by employee termination practices?
employee bonding to protect against losses due to theft
What would best define risk management?
the process of assessing the risks
Controls are implemented to
mitigate risk and reduce the potential for loss.
Which of the following is an advantage of a qualitative over a quantitative risk analysis?
It prioritizes the risk and identifies areas for immediate improvement in addressing the vulnerabilities.
What can be defined as an event that could cause harm to the information systems?
a threat
One purpose of a security awareness program is to modify
attitudes of employees with sensitive data.
Which of the following should be given technical security training?
IT support personnel and system administrators