Chapter 04 - 04 True/False Indicate whether the statement...

Chapter 04
True/False

Indicate whether the statement is true or false.

____ 1. The general management of an organization must structure the IT and information security functions to lead a successful defense of the organization’s information assets.
____ 2. “If you know the enemy and know yourself, you will succumb in every battle.” (Sun Tzu)
____ 3. Once the threats have been identified, an assets identification process is undertaken.
____ 4. Identifying human resources, documentation, and data information is less difficult than identifying hardware and software assets.
____ 5. You should adopt naming standards that do not convey information to potential system attackers.
____ 6. Comprehensive means that an information asset should fit in only one category.
____ 7. A certificate authority would be categorized as a software security component.
____ 8. Examples of exceptionally grave damage include 1) armed hostilities against the United States or its allies and 2) disruption of foreign relations vitally affecting the national security.
____ 9. You can use only qualitative measures to rank values.
____ 10. Protocols are activities performed within the organization to improve security.
____ 11. With lattice-based access control, the column of attributes associated with a particular object (such as a printer) is referred to as the access control table.
____ 12. Discretionary controls are managed by a central authority in the organization.
____ 13. The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment.
____ 14. Every organization should have the collective will and budget to manage every threat by applying controls.
____ 15. Organizations should communicate with system users throughout the development of the security program, letting them know that change is occurring.
____ 16. Internal benchmarking can provide the foundation for baselining.
____ 17. One problem with benchmarking is that there are many organizations that are identical.
____ 18. A best practice proposed for a small home office setting is always appropriate to help design control strategies for a multinational company.
____ 19. Best business practices are often called recommended practices.
____ 20. Metrics-based measures are generally less focused on numbers and more strategic than process-based measures.
____ 21. The CBA is solely based on the cost of the proposed control.
____ 22. The amount of money spent to protect an asset is often based in part on the value of the asset.
____ 23. The components of asset valuation include equipment critical to the success of the organization.
____ 24.