question

profilejimpop1998
quize4.pdf
Home>Computer Science homework help>question

2 points

The ____________ may be performed on an annual basis; however, the _________ should be done more frequently.

Quiz 4

Purpose

This assignment will assess your ability to:

· Compare and contrast different types of standards including: laws, regulations, policies, voluntary, and framework-based standards. [IAS 1]

· Recommend managerial, technical, and operational controls within governance channels.

· Promote continuous learning from security incidents.

Overview

This quiz covers Module 4 concepts. It will take about 60 minutes. This is an individual assignment. Make sure to complete all of the module’s reading and preparation before taking the quiz.

vulnerability scanning, policy development 

vulnerability scanning, risk assessment

risk assessment, vulnerability scanning

risk assessment, policy development

1

2 points

Which one of the statements is NOT true?

2 points

Which one of the statements is NOT true?

Larger companies are expected to devote more resources to security controls and implement more automated solutions to address the issues

Government entities will have a formalized assessment and authorization process. 

Smaller organizations need to decide what is feasible to protect the resources adequately and may need to engage external resources to provide adequate protection. 

Each organization should develop a process whereby the security controls and the residual risk are approved and accepted by security analysts.

The NIST uses terminology in the 800-53 standard (Recommended Security Controls for Federal Information Systems) with roots in the insurance sector.

Understanding the intent of the control also assists in interpreting the terminology used within the control. 

Many different organizations, committees, and geographic representations promulgate the standards.

Compliance Is not security, but it is a good start.

2

3

2 points

Which one of the statements is NOT true?

2 points

The risk assessment should represent a documented meeting of the minds between information security and__________.

2 points

Which one of the following is NOT a Security Control Framework and Standard Example?

Vulnerability assessments, penetration testing, and internal audit reviews of the security controls ensure that the policies and procedures that were created are being followed. 

To achieve support for the implementation of security policies throughout the organization and to ensure that the security policies do not disrupt the business, it is NOT advisable to establish an information security council.

The documented security policies and procedures are necessary; however, if individuals do not truly understand their responsibilities to comply with the security controls, the likelihood that the appropriate processes will be followed is greatly diminished.

Multiple control frameworks can be selected for different levels of detail. 

senior management

 risk analyst

services acquisition

 regulations

ISO 27004

HIPAA

FISMA

NIST 800-53

4

5

6

2 points

According to the Verizon annual report on data breaches, what is the fastest and most cost-effective way for a company not to be a victim of cyber-attackers?

2 points

Vulnerability scanning is performed as part of the ________ to provide the status of the technical controls and where improvements need to be made. 

2 points

COBIT stands for:

Review what incidents are occurring and implement and monitor appropriate controls.

Focus on internal threats.

Invest in encryption solutions.

Invest in state-of-art security software and hardware.

penetration testing

control frameworks

risk assessment

security tests 

Command Objectives for Information and related Technology framework

Control Objectives for Information and related Technology framework

Computer Objectives for Information and related Technology framework

Computer Objectives for Information and related Testing framework 

7

8

9

2 points

____________ is a set of comprehensive requirements for enhancing payment account security, formed by several major credit card issuers, to facilitate the broad adoption of a comprehensive security standard designed to protect cardholder data.

1 point

Which one of the following control families includes the employment of vulnerability scanning tools and techniques that promote interoperability among tools and automate parts of the vulnerability management process?

2 points

Which is NOT an advantage of reviewing the incidents of other companies from published press releases and news reports?

GLBA

HIPAA

FISMA

PCI-DSS

Risk assessment

Services acquisition

Program management

Risk mitigation

Helps to learn what caused the security breach

Helps to learn what actions the company is planning for free

Helps to enhance security governance in a cost-effective way

Helps ful�lling security certi�cation requirements

10

11

12

2 points

Which one of the following control families includes developmental and evaluation-related assurance requirements?

2 points

Once a control framework or set of standards has been chosen and implemented, the framework must be internally and externally ___________ regularly.

2 points

What does the CMMI stand for?

Risk Assessment

System and Services acquisition

Program management

System Maintenance

discussed

standardized 

reviewed

audited 

Capability Maturity Model Institute

Capability Managed Model Integration

Capability Maturity Model Integration

Capability Measurement Model Integration

13

14

15

2 points

Which one of the statements is NOT true?

2 points

Which of the control families is NOT classi�ed as operational?

2 points

The _________ control family was added in NIST 800-53 Rev3 to provide the controls in support of managing an information security program.

The world operates on standards.

A practice that works for one organization should be used as a best practice for another. 

Most control frameworks are written at a higher, broader level, which provides �exibility to implement controls to satisfy the speci�c technological request.

Over time, the standards evolve, and they change to meet societal and technological needs.

System and information integrity

Con�guration management

Awareness and training

Access control

Program management

Services acquisition

Risk management

Risk Assessment

16

17

18

2 points

Which kind of cyber threats should a company fear the most?

2 points

_____________ is a set of books published by the British government’s Stationary Of�ce between 1989 and 1992 to improve IT service management.

A hacker targeting C-suite executive

Hackers motivated for �nancial gains

Script Kiddies

Advanced Persistent Threats

ITIL

HISMA 

ISO 20000

IT-DSS

19

20