Question
1. A Security Program Document consists of the following:
a) Security Policies b) Procedures c) Standards d) Guidelines e) All
2. To avoid shelfware, electronic policies should be:
a) Brief b) Updated c) Relevant d) a and c e) b and d
3. The process of periodically reviewing the relevant policy documents consists of four basic steps:
a) Monitoring the plan b) Evaluating the implementation c) A and B d) None
4. The type of security policy that stresses a specific area of security focus (for example, one that deals with Information Classification) is:
a) Organizational Policy b) Functional Policy c) System Specific Policy d) None
5. _____________ enables personnel working with data to know when it is sensitive.
a) Data Handling b) Data Labeling c) Data Disposing d) All
6. The COBIT domain that receives solutions and makes them usable by end users is:
a) COBIT Policy b) COBIT Detail c) COBIT Implementation d) Delivery and Support
7. Provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system (ISMS), and covers 11 areas of information security management:
a) NIST 800-53 b) ISO/IEC 27001:2005 c) COBIT d) All
8. _____________ is the method by which firms evaluate potential losses and take action to reduce or eliminate such threats.
a) Risk control b) Risk response c) Risk Incident d) All
9. These are the laws, regulations, policies, practices and guidelines that govern the overall requirements:
a) Technical Controls b) Physical Controls c) Administrative Controls d) A and B
10. Examples of ________________ include firewalls, anti-virus software, authentication systems, intrusion detection systems, and file encryption, among others.
a) Technical Controls b) Physical Controls c) A and B d) None
Section Two: True or False
[1] ___________ Web-based policies should each be no more than two online pages to get across what is expected.
[2] ___________ The Policy Document is your company's first defense in preparing for and mitigating a cyber-attack.
[3] ___________ The Acceptable Use Policy (AUP) often goes hand-in-hand with an organization's internet usage policy.
[4] ___________ Each policy should be specific and action oriented, including Baselines to take around each topic.
[5] ___________ Policies published online should be limited in length to two to three pages.
[6] ___________ COBIT is a nationally accepted set of tools organized into a framework that executives can use to ensure their IT is helping them achieve their goals and objectives.
[7] ___________ Sensitive information is confidential material that would cause damage or be prejudicial to national security if publicly available.
[8] ___________ Effective policies have consistent sanction policies to enable action when the policies are not followed.
[9] ___________ Technical jargon is acceptable both in technical documentation and in high-level security policies.
[10] __________ Policy should be written to be technology dependent, as the technology may change over time.
Section Three: Fill in the Blank
[1] A special category of private information that is becoming increasingly important today is _________________________________________.
[2] A security policy principle (control) suggestion that is often met with raised eyebrows is ______________________________________.
[3] The security policy practice that holds that policies should be oriented to communicate mostly to non-technical people is ________________________________________.
[4] ________________________ Implement strong access control measures (logical and physical access, need to know).
[5] Information that is Secret material, which would cause "serious damage" to national security if it were publicly available, is _____________________________________.
[6] __________________________ bridges the gap between the business and IT.
[7] ________________________ This domain includes the actual processing of data by application systems, often classified under application controls.
[8] _______________________ restore the system or process back to the state prior to a harmful event.
[9] The COBIT domain that addresses management's oversight of the organization's control process is _________________________________________.
[10] ______________________ are clearly the best, since they minimize the possibility of loss by preventing the event from occurring.
Explanation / Answer
Section 1
2. Ans: e) b and d
To avoid shelfware, electronic policies should be: Brief, Updated and Relevant.
3. Ans: c) a and b, as the process of periodically reviewing the relevant policy documents consists of four basic steps: a) Monitoring the plan b) Evaluating the implementation.
4. Ans: The type of security policy that stresses a specific area of security focus is a) Organisational policy.
5. Ans: c) Data disposing enables personnel working with data to know when it is sensitive.
8. Ans: a) Risk control is the method by which firms evaluate potential losses and take action to reduce or eliminate such threats.
9. Ans: d) a and b. Technical and Physical controls are the laws, regulations, policies, practices and guidelines that govern the overall requirements.
10. Ans: a) Technical control. Examples of technical controls include firewalls, anti-virus software, authentication systems, intrusion detection systems, and file encryption, among others.