Ch1 Comp Security
1. An indirect attack involves a hacker using a personal computer to break into a system.
ANS: F PTS: 1 REF: 3
2. The value of information comes from the characteristics it possesses.
ANS: T PTS: 1 REF: 6
3. By balancing information security and access, a completely secure information system can be created.
ANS: F PTS: 1 REF: 8
4. The security blueprint is a detailed version of the security framework.
ANS: T PTS: 1 REF: 25
5. One of the basic tenets of security architectures is the spheres of security.
ANS: F PTS: 1 REF: 30
1. Which term describes a subject or object’s ability to use, manipulate, modify, or affect another …show more content…
b.|Champion|d.|Chief information security officer|
ANS: B PTS: 1 REF: 19
16. Which security project team role is filled by individuals who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies?
a.|Security policy developers|c.|Security professionals|
b.|Risk assessment specialists|d.|Team leader|
ANS: A PTS: 1 REF: 19
17. When organizations record versions of their policy in English and alternate languages, they are attempting to meet the ____ criteria to make the policy effective and legally enforceable.
a.|Comprehension (understanding)|c.|Review (reading)|
b.|Compliance (agreement)|d.|Dissemination (distribution)|
ANS: C PTS: 1 REF: 20
18. A(n) ____ is a written statement of the organization’s purpose.
ANS: D PTS: 1 REF: 21
19. An enterprise information security policy (EISP) is also known as a(n) ____.
a.|issue-specific security policy|c.|systems-specific security policy|
b.|general security policy|d.|strategic planning policy|
ANS: B PTS: 1 REF: 21
20. There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules.