Chapter 05

05 True/False
Indicate whether the statement is true or false.

____ 1. A standard is a plan or course of action used to convey instructions from an organization's senior-most management to those who make decisions, take actions, and perform other duties.

____ 2. Quality security programs begin and end with policy.

____ 3. The ISSP contains the requirements to be met by the information security blueprint or framework.

____ 4. You can create a single comprehensive ISSP document covering all information security issues.

____ 5. Every policy should contain provisions for periodic review and a timetable for that review.

____ 6. A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee's actions.

____ 7. A configuration list is a list of access rights used by file storage systems, object brokers, or other network communications devices to determine which individuals or groups may access an object that it controls.

____ 8. ACLs are more specific to the operation of a system than rule policies and may or may not deal with users directly.

____ 9. To remain viable, security policies must have a section outlining individuals responsible for review, a schedule of review, a method for making recommendations for changes, and include a specific policy issuance and planned revision date.

____ 10. The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.

____ 11. The security framework is a more detailed version of the security blueprint.

____ 12. The global information security community has universally agreed with the justification for the code of practices as identified in the ISO/IEC 17799.

____ 13. Many industry observers claim that ISO/IEC 17799 is not as complete as other frameworks.

____ 14. ISO/IEC 17799 is more useful than any other information security management approach.

____ 15. Failure to incorporate the organization's mission, vision, and culture in the development of an information security system practically guarantees the failure of the information security program.

____ 16. NIST SP-800-18, The Guide for Developing Security Plans for Information Technology Systems, includes templates for major application security plans.

____ 17. NIST 800-14, The Principles for Securing Information Technology Systems, provides detailed methods for assessing, designing, and implementing controls and plans for applications of varying size.

____ 18. The Security Area Working Group endorses ISO/IEC 17799.

____ 19. Information security safeguards can be grouped into two levels of control: managerial and remedial.

____ 20. Management controls address the design and implementation of the security planning process and security program management.

This note was uploaded on 03/09/2011 for the course COM 308 taught by Professor E.bautista during the Fall '10 term at St. Leo.
