Chapter 6 Flashcards

1
Q

What does the success of a security policy program depend on?

A

Strong upper-management support
Practical security policies & procedures
Properly implemented controls
Quantifiable performance metrics and analysis

2
Q

What is the least expensive, yet most difficult, to implement?

A

Policies

3
Q

Basic rules to follow when shaping policy:

A

Never conflict with the law
Stand up in court
Properly supported & administered
Contribute to the success of the organization
Involve end users of information systems
Adequate sharing of responsibility for proper use of information systems

4
Q

Policies should be:

A

Short
To the point
Signed off by senior management
Generic Enough

5
Q

For policies to be effective, they must be:

A

Properly disseminated
Read by all employees
Understood by all employees
Formally agreed to
Developed using industry-accepted practices

6
Q

The 3 types of information security policies:

A

Enterprise Information Security Policy
Issue-specific Information Security Policy
Systems-specific Information Security Policy

7
Q

What is the purpose of the Enterprise Information Security Policy (EISP)?

A

1- Sets the strategic direction, scope, and tone of the organization's security effort
2- Assigns responsibility for various areas of info security
3- Guides development, implementation, and management requirements of the information security program
4- Supports the mission and vision

8
Q

What are the components of the EISP?

A

1- Statement of the purpose
2- Information technology security elements
3- Need for information technology security
4- Information technology security responsibility & roles
5- References information technology standards & guidelines

9
Q

What is the purpose of an Issue-Specific Security Policy (ISSP)?

A

1- Provides guidance to secure use of tech systems
2- Serves to protect employee/org from ambiguity
3- Documents how technology-based system is controlled
4- Serves to compensate organization against liability for illegal system use

10
Q

What topics should an Issue-Specific Security Policy (ISSP) cover?

A

Email
Use of Internet
Specific configurations of computers to defend against malware
Home use of company-owned computer equipment
Use of personal equipment on company network
Use of photocopy equipment

11
Q

System-Specific Policies (SysSPs) can be separated into:

A

Management guidance
Technical Specifications
Combined in a single policy document
