Ch1 Comp Security

Chapter 1: Introduction to Information Security

TRUE/FALSE

1. An indirect attack involves a hacker using a personal computer to break into a system.

ANS: F PTS: 1 REF: 3

2. The value of information comes from the characteristics it possesses.

ANS: T PTS: 1 REF: 6

3. By balancing information security and access, a completely secure information system can be created.

ANS: F PTS: 1 REF: 8

4. The security blueprint is a detailed version of the security framework.

ANS: T PTS: 1 REF: 25

5. One of the basic tenets of security architectures is the spheres of security.

ANS: F PTS: 1 REF: 30

MULTIPLE CHOICE

1. Which term describes a subject or object’s ability to use, manipulate, modify, or affect another
[…]

a. Team leader
b. Champion
c. Chief information officer
d. Chief information security officer

ANS: B PTS: 1 REF: 19

16. Which security project team role is filled by individuals who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies?
a. Security policy developers
b. Risk assessment specialists
c. Security professionals
d. Team leader

ANS: A PTS: 1 REF: 19

17. When organizations record versions of their policy in English and alternate languages, they are attempting to meet the ____ criteria to make the policy effective and legally enforceable.
a. Comprehension (understanding)
b. Compliance (agreement)
c. Review (reading)
d. Dissemination (distribution)

ANS: C PTS: 1 REF: 20

18. A(n) ____ is a written statement of the organization’s purpose.
a. vision
b. strategic plan
c. framework
d. mission

ANS: D PTS: 1 REF: 21

19. An enterprise information security policy (EISP) is also known as a(n) ____.
a. issue-specific security policy
b. general security policy
c. systems-specific security policy
d. strategic planning policy

ANS: B PTS: 1 REF: 21

20. There are two general methods for implementing technical controls within a specific application to enforce policy: ____ and configuration rules.
a. assessment control
