Management of Information Security 4th Edition – Test Bank


Chapter 04 – Information Security Policy

TRUE/FALSE

1. Policies must specify penalties for unacceptable behavior and define an appeals process.

ANS: T PTS: 1 REF: 128

2. One of the goals of an issue-specific security policy is to indemnify the organization against liability for an employee’s inappropriate or illegal use of the system.

ANS: T PTS: 1 REF: 128

3. Users have the right to use an organization’s information systems to browse the Web, even if this right is not specified in the ISSP.

ANS: F PTS: 1 REF: 135

4. Rule-based policies are less specific to the operation of a system than access control lists.

ANS: F PTS: 1 REF: 142

5. Since most policies are drafted by a single person and then reviewed by a higher-level manager, employee input should not be considered since it makes the process too complex.

ANS: F PTS: 1 REF: 155

MULTIPLE CHOICE

1. Which of the following is NOT one of the basic rules that must be followed when shaping a policy?

a. policy should never conflict with law
b. policy must be able to stand up in court if challenged
c. policy should be agreed upon by all employees and management
d. policy must be properly supported and administered

ANS: C PTS: 1 REF: 125

2. Which of the following is a policy implementation model that addresses issues by moving from the general to the specific and is a proven mechanism for prioritizing complex changes?

a. On-target model
b. Wood’s model
c. Bull’s-eye model
d. Bergeron and Berube model

ANS: C PTS: 1 REF: 126

3. Which of the following is NOT among the three types of InfoSec policies based on NIST’s Special Publication 800-14?

a. Enterprise information security policy
b. User-specific security policies
c. Issue-specific security policies
d. System-specific security policies

ANS: B PTS: 1 REF: 128

4. In addition to specifying the penalties for unacceptable behavior, what else must a policy specify?

a. appeals process
b. legal recourse
c. what must be done to comply
d. the proper operation of equipment

ANS: A PTS: 1 REF: 128

5. Which policy is the highest level of policy and is usually created first?

a. SysSP
b. USSP
c. ISSP
d. EISP

ANS: D PTS: 1 REF: 128

6. Which type of document is a more detailed statement of what must be done to comply with a policy?

a. procedure
b. standard
c. guideline
d. practice

ANS: B PTS: 1 REF: 128
