Chapter 4 Assessment Flashcards Preview

Fundamentals of Information Systems Security > Chapter 4 Assessment > Flashcards

Flashcards in Chapter 4 Assessment Deck (15)
1

Risk management is responding to a negative
event when it occurs.

True

2

With respect to IT security, a risk can result in
either a positive or a negative effect.

True

3

According to PMI, which term describes the list of
identified risks?

Risk register

4

What is the primary purpose of a business impact
analysis (BIA)?

All of the above--
A. To identify, categorize, and prioritize mission
critical business functions
B. To provide a road map for business continuity
and disaster recovery planning
C. To assist organizations with risk management
D. To assist organizations with incident response
planning

5

Which of the following terms defines the amount
of time it takes to recover a production IT system,
application, and access to data?

Recovery time objective

6

The recovery point objective (RPO) defines the
last point in time for _______ recovery that can be
enabled back into production.

Data

7

Which of the following solutions are used for
authenticating a user to gain access to systems,
applications, and data?

All of the above--
A. Passwords and PINs
B. Smart cards and tokens
C. Biometric devices
D. Digital certificates

8

Which risk management approach requires a distributed
approach with business units working
with the IT organization?

OCTAVE

9

The NIST SP800-30 standard is a _______________
management framework standard for performing
risk management.

Risk

10

Which term indicates the maximum amount of
data loss over a time period?

RPO

11

Organizations that permit their employees to use
their own laptops or smartphone devices and
connect to the IT infrastructure describe a policy
referred to as:

BYOD

12

Which of the following are organizational concerns for BYOD and mobility?

None of the above

13

__ __ is the U.S. security-related act that governs
regulated health care information.

HIPAA

14

Which U.S. security-related act governs the security of data specifically for the financial industry?

GLBA

15

Which of the following business drivers are impacting businesses' and organizations' security
requirements and implementations?

All of the above -
A. Mobility
B. Regulatory compliance
C. Productivity enhancements
D. Always-on connectivity