IS3350 CHAPTER 13 Flashcards Preview

Flashcards in IS3350 CHAPTER 13 Deck (36)
1

This states the proper use of an organization's information technology resources and is called ___?

ACCEPTABLE USE POLICY (AUP)

2

The process through which a user proves his or her identity to access an information technology resource is called ___?

AUTHENTICATION

3

A minimum level of behavior or action that must be met in order to comply with a governance document. These are often specified in standards and are called ___?

BASELINE

4

An organization's governing body. It plans an organization's strategic direction and is required by law to act with due care and in the best interests of the organization. This body is called ___?

BOARD OF DIRECTORS (BOD)

5

An organization's senior information technology official. This role focuses on developing an organization's own IT resources. This position is called ___?

CHIEF INFORMATION OFFICER (CIO)

6

An organization's senior information security official is called the ___?

CHIEF INFORMATION SECURITY OFFICER (CISO)

7

An organization's most senior technology official. This role focuses on developing an organization's technology products. This position is called ___?

CHIEF TECHNOLOGY OFFICER (CTO)

8

This/these states how data is to be destroyed when it reaches the end of its life cycle and is called ___?

DATA DESTRUCTION POLICIES

9

This/these states how data is to be controlled throughout its life cycle and is called ___?

DATA RETENTION POLICIES

10

Recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard doesn't apply are called ___?

GUIDELINES

11

Executive management's responsibility to provide strategic direction, oversight, and accountability for an organization's information and information systems resources is called ___?

INFORMATION SECURITY GOVERNANCE

12

How an organization manages its day-to-day security activities, making sure that the policies dictated by the executive management team as part of its governance function are properly implemented. This is called ____?

INFORMATION SECURITY MANAGEMENT

13

The day-to-day planning of a business is called ___?

OPERATIONAL PLANNING

14

An organization's high-level statement of information security direction and goals. These are the highest-level governance documents and are called ____?

POLICY

15

The detailed step-by-step tasks, or checklists, that should be performed to achieve a certain goal or task. These are the lowest-level governance documents and are called ___?

PROCEDURE

16

People who are affected by a policy, standard, guideline, or procedure. These are people who have an interest in a policy document and are called ___?

STAKEHOLDERS

17

Mandatory activities, actions, or rules that must be met in order to achieve policy goals. These are usually technology neutral and are called ___?

STANDARDS

18

Long-term business planning is called ___?

STRATEGIC PLANNING

19

Short- to medium-term business planning is called ___?

TACTICAL PLANNING

20

A method of authentication that requires a user to prove their identity in two or more ways is called ___?

TWO-FACTOR AUTHENTICATION

21

Pieces of information used to access information technology resources. These include passwords, personal identification numbers (PINs), tokens, smart cards, and biometric data and are called ___?

USER CREDENTIALS

22

1. What is a policy?

1. An overall statement of information security scope and direction
2. A minimum threshold of information security controls that must be implemented
3. A checklist of steps that must be completed to ensure information security
4. A technology-dependent statement of best practices
5. Recommended actions and operational guidelines

An overall statement of information security scope and direction

23

2. What is information security governance?

Executive management providing strategic direction, oversight, and accountability for an organization's data and IT resources.

24

3. What type of policy would an organization use to forbid its employees from using organizational email for personal use?

1. Privacy policy
2. Intellectual property policy
3. Anti-harassment policy
4. Acceptable use policy
5. Monitoring policy

Acceptable use policy

25

4. What is software piracy?

1. Unauthorized copying of software
2. Unauthorized distribution of software
3. Unauthorized use of software properly purchased by an organization
4. None of the above
5. 1 & 2

Unauthorized copying of software

Unauthorized distribution of software

26

5. What is information security management?

Middle management providing day-to-day guidance and oversight for an organization's information and information resources.

27

6. Employer monitoring can be a normal term of employment if advance notice is given.
TRUE OR FALSE

TRUE

28

7. What is a standard?

A list of mandatory activities that must be completed to achieve an information security goal.

29

8. Which law states requirements for federal agency information security governance?

1. FISMA
2. FERPA
3. HIPAA
4. GLBA
5. FIPPS

FISMA

30

9. A guideline is a list of mandatory activities that must be completed to achieve an information security goal.
TRUE OR FALSE

FALSE