merkow_tb_04

merkow_tb_04 - CHAPTER 4: SECURITY MANAGEMENT Multiple...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
CHAPTER 4: SECURITY MANAGEMENT Multiple Choice: 1. An effective security policy contains all of the following information except: A. Reference to other policies B. Measurement expectations C. Compliance management and measurements description D. Glossary of terms Answer: D Reference: Security Policies Set the Stage Difficulty: moderate 2. Which of the following is typically NOT found in corporate security policy? A. Effective/expiration dates B. Standards library structure C. Authorizing individual D. Exception process Answer: B Reference: Security Policies Set the Stage Difficulty: moderate 3. A(n) ____________ policy might prescribe the need for information security and may delegate the creation and management of the program. A. Programme-level B. System-specific C. Issue-specific D. Programme-framework Answer: A Reference: Four Types of Policies Difficulty: moderate 4. A(n) ____________ policy focuses on policy issues that management decided for a specific system. A. Programme-level B. System-specific C. Issue-specific D. Programme-framework
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Answer: B Reference: Four Types of Policies Difficulty: easy 5. ____________ policy speaks to specific issues of concern to the organization. A. Programme-level B. System-specific C. Issue-specific D. Programme-framework Answer: C Reference: Four Types of Policies Difficulty: moderate 6. Programme-level policy helps management do all of the following except: A. Establish a security programme B. Assign programme management responsibilities C. Depict the library standards structure D. Establish a basis for policy compliance Answer: C Reference: Programme-Level Policies Difficulty: moderate 7. Which of the following is not a programme-level policy component? A. Compliance B. Responsibilities C. Scope D. Rationale Answer: D Reference: Programme-Level Policies Difficulty: moderate 8. The programme-level policy component ____________ authorizes and defines the use of specific penalties and disciplinary action for those failing to comply with computer security policies. A. Purpose B. Scope C. Compliance D. Responsibilities Answer: C Reference: Programme-Level Policies Difficulty: moderate 9. The programme-level policy component ____________ specifies which resources, information, and personnel are covered.
Background image of page 2
A. Purpose B. Scope C. Compliance D. Responsibilities. Answer: B Reference: Programme-Level Policies Difficulty: moderate 10. All of the following information technology management’s decisions are reflected in the programme- framework policy EXCEPT: A. Priorities for protection B. Resource allocation C. Assignment of responsibilities D. None of the above. Answer: D Reference: Programme-Framework Policies Difficulty: moderate 11. Some organizations distribute handbooks that address the programme-framework policy, these combine: A. Policy B. Standards C. Both of the above D. None of the above Answer: C Reference: Programme-Framework Policies Difficulty: moderate 12. The “key” policy areas of computer security include all of the following except:
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 10

merkow_tb_04 - CHAPTER 4: SECURITY MANAGEMENT Multiple...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online