Flashcards in IS3350 CHAPTER 13 Deck (36)
The document that states the proper use of an organization's information technology resources is called ___?
ACCEPTABLE USE POLICY (AUP)
The process through which a user proves his or her identity to access an information technology resource is called ___?
A minimum level of behavior or action that must be met in order to comply with a governance document. These are often specified in standards and are called ___?
An organization's governing body. It plans an organization's strategic direction and is required by law to act with due care and in the best interests of the organization. This body is called ___?
BOARD OF DIRECTORS (BOD)
An organization's senior information technology official. This role focuses on developing an organization's own IT resources. This position is called ___?
CHIEF INFORMATION OFFICER (CIO)
An organization's senior information security official is called the ___?
CHIEF INFORMATION SECURITY OFFICER (CISO)
An organization's most senior technology official. This role focuses on developing an organization's technology products. This position is called ___?
CHIEF TECHNOLOGY OFFICER (CTO)
The policies that state how data is to be destroyed when it reaches the end of its life cycle are called ___?
DATA DESTRUCTION POLICIES
The policies that state how data is to be controlled throughout its life cycle are called ___?
DATA RETENTION POLICIES
Recommended actions and operational guides for users, IT staff, operations staff, and others, used when a specific standard doesn't apply, are called ___?
Executive management's responsibility to provide strategic direction, oversight, and accountability for an organization's information and information systems resources is called ___?
INFORMATION SECURITY GOVERNANCE
The way an organization manages its day-to-day security activities and makes sure that the policies dictated by the executive management team as part of its governance function are properly implemented is called ____?
INFORMATION SECURITY MANAGEMENT
The day-to-day planning of a business is called ___?
An organization's high-level statement of information security direction and goals. These are the highest level governance documents and are called ____?
The detailed step-by-step tasks, or checklists, that should be performed to achieve a certain goal or task. These are the lowest level governance documents and are called ___?
People who are affected by a policy, standard, guideline, or procedure. These are people who have an interest in a policy document and are called ___?
Mandatory activities, actions, or rules that must be met in order to achieve policy goals. These are usually technology neutral and are called ___?
Long-term business planning is called ___?
Short- to medium-term business planning is called ___?
A method of authentication that requires a user to prove their identity in two or more ways is called ___?
Pieces of information used to access information technology resources. These include passwords, personal identification numbers (PINs), tokens, smart cards, and biometric data and are called ___?
1. What is a policy?
1. An overall statement of information security scope and direction
2. A minimum threshold of information security controls that must be implemented
3. A checklist of steps that must be completed to ensure information security
4. A technology-dependent statement of best practices
5. Recommended actions and operational guidelines
An overall statement of information security scope and direction
2. What is information security governance?
Executive management providing strategic direction, oversight, and accountability for an organization's data and IT resources.
3. What type of policy would an organization use to forbid its employees from using organizational email for personal use?
2. Intellectual property policy
3. Anti-harassment policy
4. Acceptable use policy
5. Monitoring policy
Acceptable use policy
4. What is software piracy?
1. Unauthorized copying of software
2. Unauthorized distribution of software
3. Unauthorized use of software properly purchased by an organization
4. None of the above
5. 1 & 2
Unauthorized copying of software
Unauthorized distribution of software
5. What is information security management?
Middle management providing day-to-day guidance and oversight for an organization's information and information resources.
6. Employer monitoring can be a normal term of employment if advance notice is given.
TRUE OR FALSE
7. What is a standard?
A list of mandatory activities that must be completed to achieve an information security goal.
8. Which law states requirements for federal agency information security governance?