Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

IS4550 SECURITY POLICIES > IS4550 CHAPTER 1 > Flashcards

IS4550 CHAPTER 1 Flashcards

1
Q

The process of determining the identity of an individual or device is called ___.

A

AUTHENTICATION

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Ensuring accessibility of information to authorized users when required is called ___.

A

AVAILABILITY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A management technique used to improve the efficiency and effectiveness of a process within an organization is called ___.

A

BUSINESS PROCESS REENGINEERING (BPR)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Limiting access to information/data to authorized users only is called ___.

A

CONFIDENTIALITY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An ad hoc, ongoing effort to improve business products, services, or process is called ___.

A

CONTINUOUS IMPROVEMENT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The state of data stored on any type of media is called ___.

A

DATA AT REST

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The state of data when traveling over or through a network is called ___..

A

DATA IN TRANSIT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The act of managing implementation and compliance with organizational policies is called ___.

A

GOVERNANCE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The parameters within which a policy, standard, or procedure recommended when possible but are optional is called ___.

A

GUIDELINE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The implementation of controls designed to ensure confidentiality, integrity, availability, and non-repudiation is called ___.

A

INFORMATION ASSURANCE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The act of protecting information systems or IT infrastructures from unauthorized use, access, disruption, or destruction is called ___.

A

INFORMATION SYSTEMS SECURITY (ISS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The five-phase management process of controlling the planning, implementation, evaluation, and maintenance of information systems security is called ___.

A

INFORMATION SYSTEMS SECURITY MANAGEMENT LIFE CYCLE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

The act of ensuring that information has not been improperly changed is called ___.

A

INTEGRITY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A principle that restricts information access to only those users with an approved and valid requirement is called ___.

A

NEED TO KNOW

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The concept of applying technology in way that an individual cannot deny or dispute they were part of a transaction is called ___.

A

NONREPUDIATION

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A document that states how the organization is to perform and conduct business functions and transactions with a desired outcome is called ___.

17
Q

A structure for organizing policies, standards, procedures, and guidelines is called ___.

A

POLICY FRAMEWORK

18
Q

A written statement describing the steps required to implement a process is called ___.

19
Q

A set of policies that establish how an organization secures its facilities and IT infrastructure. It can also address how the organization meets regulatory requirements is called ___.

A

SECURITY POLICIES

20
Q

The portion of a service contract that formally defines the level of service. These agreements are typical in telecommunications contracts for voice and data transmission circuits is called ___.

A

SERVICE LEVEL AGREEMENT (SLA)

21
Q

An established and proven norm or method. The can be a procedural or technical ___ implemented organization-wide.

22
Q
  1. What is the issue in the following? John works in the accounting dept. but travels to other company locations. He must present the past quarter’s figures to the CEO in the morning. He forgot to update the Power Point presentation on his desktop computer at the main office.
  2. Unauthorized access to the system
  3. Integrity of the data
  4. Availability of the data
  5. Nonrepudiation of the data
  6. Unauthorized use of the system
A

Availability of the data

23
Q
  1. Governance is the practice of ensuring an entity is in conformance to policies, regulations, ___, and procedures.
24
Q
  1. COBIT is a widely accepted international best practices policy framework.
    TRUE OR FALSE
25
4. Which of the following are generally accepted as IA tenets but not ISS tenets? (Select 2) 1. Confidentiality 2. Integrity 3. Availability 4. Authentication 5. Nonrepudiation
Authentication | Nonrepudiation
26
5. Greg has developed a document on how to operate and back up the new financial sections storage area network. In it, he lists the steps required for powering up and down the system as well as configuring the backup tape unit. Greg has written ___.
Procedure
27
6. When should a wireless security policy be initially written? 1. When the industry publishes new wireless standards 2. When a vendor presents wireless solutions to the business 3. When the next generation of wireless technology is launched 4. After a company decides to implement wireless and before it is installed
After a company decides to implement wireless and before it is installed
28
7. A toy company is developing the next generation of children's reading aids. They already produced a comparable product, but the new one will not be available on shelves for another two years. What process would drive policies related to the new product's information systems security? 1. Continuous improvement 2. Business process reengineering 3. Encryption 4. Information systems security management life cycle 5. Software development life cycle
Business process reengineering
29
8. Implementation and enforcement of policies is a challenge. The biggest hindrance to implementation of policies is the ___ factor.
Human
30
9. Information systems security policies should support ___.
Business Operations
31
10. Security policies focus on providing consistent protection of information in the system. This happens by controlling multiple aspects of the information system that directly or indirectly affect normal operations at some point.While there are many different benefits to supporting operations, some are more prevalent than others. Which of the following are aspects of ISS policies that extend to support business operations? 1. Controlling change to the IT infrastructure 2. Protecting data at rest and in transit 3. Protecting systems from the insider threat 4. 2 & 3 Only 5. All the above
Controlling change to the IT infrastructure Protecting data at rest and in transit Protecting systems from the insider threat
32
11. Ted is an administrator in the server backup area. He is reviewing the contract for the offsite storage facility for validity. This contract includes topics such as the amount of storage space required, the pickup and delivery of media, response times during an outage, and security of media within the facility. This contract is an example of information security. TRUE OR FALSE
FALSE

IS4550 SECURITY POLICIES (15 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions