12 True/False Indicate whether the statement is true or false. ____ 1. If an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program will probably continue to work well. ____ 2. As threats evolve or new vulnerabilities in the systems emerge, the information security team must determine if a shift in the priorities of the organization’s security posture is required. ____ 3. The tracking of trouble tickets should include tracking problem resolution. ____ 4. Policies can be considered enforceable even if they have not been understood and agreed to. ____ 5. Users do not participate in configuration management. ____ 6. Documentation procedures are not required for configuration and change management processes. ____ 7. When the amount of data stored on a particular hard drive averages 30-40% of available capacity for a pro-longed period, consider an upgrade for the hard drive. ____ 8. A maintenance model such as the ISO model deals with methods to manage and operate systems. ____ 9. External monitoring entails collecting intelligence from various data sources, and then giving that intelligence context and meaning for use by decision makers within the organization. ____ 10. Often, US-CERT is viewed as a definitive authority with regard to computer and information security events. ____ 11. Many publicly accessible information sources, both mailing lists and Web sites, are available to those organ-izations and individuals who have the time, expertise, and grant access to make use of them. ____ 12. Over time, external monitoring processes should capture information about the external environment in a format that can be referenced both across the organization as threats emerge and for historical use. ____ 13. The value of internal monitoring is low when the resulting knowledge of the network and systems configura-tion is fed into the vulnerability assessment and remediation maintenance domain. ____ 14. The characteristics concerned with manufacturer and software versions are about technical functionality — and they should be kept highly accurate and up-to-date. ____ 15. The target selection step involves using the external monitoring intelligence to configure a test engine (such as Nessus) for the tests to be performed. ____ 16. The intranet scan starts with an Internet search engine. ____ 17. All systems that are mission critical should be enrolled in PSV measurement. ____ 18. All telephone numbers controlled by an organization should be tested, unless the configuration of the phone equipment on premises can assure that no number can be dialed from the worldwide telephone system. ____ 19.
This is the end of the preview. Sign up to
access the rest of the document.