Flashcards in Chapter 1 Assessment Deck (15)
Information security is specific to securing information,
whereas information systems security is
focused on the security of the systems that house
Software manufacturers limit their liability when
selling software using which of the following?
End-User License Agreements
The __________ tenet of information systems security
is concerned with the recovery time objective.
If you are a publicly-traded company or U.S. federal government agency, you must go public and announce that you have had a data breach and must inform the impacted individuals of that
Organizations that require customer service representatives to access private customer data can best protect customer privacy and make
it easy to access other customer data by using which of the following security controls?
Blocking out customer private data details
and allowing access only to the last four
digits of Social Security numbers or account
The __________ is the weakest link in an IT
Which of the following security controls can help
mitigate malicious email attachments?
All of the above --
A. Email filtering and quarantining
B. Email attachment antivirus scanning
C. Verifying with users that email source is
D. Holding all inbound emails with unknown
You can help ensure confidentiality by implementing __________.
A virtual private network for remote access
Encrypting email communications is needed if
you are sending confidential information within
an email message through the public Internet.
Using security policies, standards, procedures,
and guidelines helps organizations decrease
risks and threats
A data classification standard is usually part of
which policy definition?
Asset protection policy
A data breach is typically performed after which
of the following?
Unauthorized access to systems and application is obtained
Maximizing availability primarily involves minimizing __________.
All of the above --
A. The amount of downtime recovering from a
B. The mean time to repair a system or application
C. Downtime by implementing a business continuity plan
D. The recovery time objective
Which of the following is not a U.S. compliance
law or act