Fundamentals of Information Systems Security Third Edition

  1. T/F: Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information.
    True
  2. Software manufacturers limit their liability when selling software using which of the following?
    A) End-User License Agreement
  3. The _____ tenet of information systems security is concerned with the recovery time objective.
    A) Availability
  4. T/F: If you are a publicly traded company or U.S. federal government agency, you must go public and announce that you have had a data breach and must inform the impacted individuals of that data breach.
    True
  5. Organizations that require customer service representatives to access private customer data can best protect customer privacy and make it easy to access other customer data by using which of the following security controls?
    A) Blocking out customer private data details and allowing access only to the last four digits of SSN numbers or account numbers.
  6. The _____ is the weakest link in an IT infrastructure.
    E) User Domain
  7. Which of the following security controls can help mitigate malicious email attachments?
    D) All of these
  8. You can help ensure confidentiality by implementing _____.
    A) A virtual private network for remote access
  9. T/F: Encrypting email communications is needed if you are sending confidential information within an email message through the public Internet.
    True
  10. T/F: Using security policies, standards, procedures and guidelines helps organizations decrease risks and threats.
    True
  11. A data classification standard is usually part of which policy definition?
    C) Asset protection policy
  12. A data breach is typically performed after which of the following?
    D) Unauthorized access to systems and application is obtained
  13. Maximizing availability primarily involves minimizing ______.
    C) All of these
  14. Which of the following is not a U.S. compliance law or act?
    B) PCI DSS
  15. Internet IP packets are to cleartext what encrypted packets are to _____.
    D) Ciphertext
  16. T/F: An IT security policy framework is like an outline that identifies where security controls should be used.
    True
  17. T/F: A VPN router is a security application that is used to filter IP packets.
    False
  18. T/F: Access control lists (ACLs) are used to permit and deny traffic in an IP router.
    True
  19. T/F: Authorization is the process of granting rights to use an organization's IT assets, systems, applications, and data to specific users.
    True
  20. T/F: Cryptography is the process of transforming data from cleartext into ciphertext.
    False
  21. T/F: Encrypting the data within databases and storage devices gives an added layer of security.
    True
  22. T/F: For businesses and organizations under recent compliance laws, data classification standards typically include private, confidential, internal use only, and public domain categories.
    True
  23. T/F: Hypertext Transfer Protocol (HTTP) encrypts data transfers between secure browsers and secure web pages.
    False
  24. T/F: Hypertext Transfer Protocol (HTTP) is the communications protocol between web browsers and websites with data in cleartext.
    True
  25. T/F: In the Remote Access Domain, if private data or confidential data is compromised remotely, you should set automatic blocking for attempted logon retries.
    False
  26. T/F: Networks, routers, and equipment require continuous monitoring and management to keep wide area network (WAN) service available.
    True
  27. T/F: Organizations should start defining their IT security policy framework by defining an asset classification policy.
    True
  28. T/F: Service-level agreements (SLAs) are optical backbone trunks for private optical backbone networks.
    False
  29. T/F: Simple Network Management Protocol (SNMP) is used for network device monitoring, alarm, and performance.
    True
  30. T/F: The Sarbanes-Oxley (SOX) Act requires all types of financial institutions to protect customers' private financial information.
    False
  31. T/F: The System/Application Domain holds all the mission-critical systems, applications, and data.
    True
  32. T/F: The asset protection policy defines an organization's data classification standard.
    False
  33. T/F: The director of IT security is generally in charge of ensuring that the Workstation Domain conforms to policy.
    True
  34. T/F: The most critical aspect of a WAN services contract is how the service provider supplies troubleshooting, network management, and security management services.
    True
  35. T/F: The weakest link in the security of IT infrastructure is the server.
    False
Author: Anonymous
ID: 334503
Card Set: Fundamentals of Information Systems Security Third Edition
Description: Chapter 1