FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 4: Planning for Security

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 21

True/False

Review LaterAdd Note

Review Later

The ISO/IEC 27000 series is derived from an earlier standard, BS7799.

Correct Answer

verified

Show Answer

Question 22

True/False

Review LaterAdd Note

Review Later

The complete details of ISO/IEC 27002 are widely available to everyone.

Correct Answer

verified

Show Answer

Question 23

Short Answer

Review LaterAdd Note

Some policies may need a(n) ____________________ indicating their expiration date.

A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.

__________ is a strategy of using multiple types of technology that prevent the failure of one system from compromising the security of information.

Every member of the organization's InfoSec department must have a formal degree or certification in information security.

Database shadowing duplicates data in real-time data storage, but does not back up the databases at the remote site.

Incident ____________________ is the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.

Some policies may also need a(n) sunset clause indicating their expiration date. _________________________

RAID Level 1 is commonly called disk ____________________.

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ________.

Law enforcement agencies may be much more capable of processing __________ than an organization that has been victimized.​

Systems-specific security policies are organizational policies that provide detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies. _________________________

____________________-specific security policies often function as standards or procedures to be used when configuring or maintaining systems.

________often function as standards or procedures to be used when configuring or maintaining systems.

A ____ site provides only rudimentary services and facilities.

The recovery point objective (RPO) is the point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage. _________________________

The ____________________ of an organization are the intermediate states obtained to achieve progress toward a goal or goals.

Managerial controls set the direction and scope of the security process and provide detailed instructions for its conduct.

A(n) alarming event is an event with negative consequences that could threaten the organization's information assets or operations.__________________