19 Cards in this Set

  • Front
  • Back
Which of the following choices is not part of a security policy?
description of specific technologies used in the field of information security regulations.
Which of the following would be the first step in establishing an information security programme?
adoption of a corporate information security policy statement
An effective information security policy should not have which of the following characteristics?
be designed with a short- to mid-term focus
What is the difference between advisory and regulatory security?
Advisory policies provide recommendations.
What can best be defined as high-level statements, beliefs, goals, and objectives?
A deviation or exception from a security standard requires which of the following?
risk containment
Why would an information security policy require that communications test equipment be controlled?
The equipment can be used to browse information passing on a network.
Step-by-step instructions used to satisfy control requirements are called a
Which of the following embodies all the detailed actions that personnel are required to follow?
Which of the following would be defined as an absence or weakness of a safeguard that could be exploited?
a vulnerability
Within IT security, which of the following combinations best defines risk?
threat coupled with a vulnerability
IT security measures should
be tailored to meet organizational security goals.
Which of the following should not be addressed by employee termination practices?
employee bonding to protect against losses due to theft
What would best define risk management?
the process of assessing the risks
Controls are implemented to
mitigate risk and reduce the potential for loss.
Which of the following is an advantage of a qualitative over a quantitative risk analysis?
It prioritizes the risk and identifies areas for immediate improvement in addressing the vulnerabilities.
What can be defined as an event that could cause harm to the information systems?
a threat
One purpose of a security awareness program is to modify
attitudes of employees with sensitive data.
Which of the following should be given technical security training?
IT support personnel and system administrators