IAAS 221 EXAM 1
2 out of 2 points
_ of information is the quality or state of being genuine or original, rather than
a reproduction or fabrication.
Ch. 7 Review
What common security system is an IDPS most like? In what ways are these
a. IDPSs are much like burglar alarms. They both will monitor an area for actions that
may represent a threat and sound an alarm when those a
Ch. 10 Review
1. What is a project plan? List what a project plan can accomplish.
a. The project plan instructs the individuals who are executing the implementation phase.
These instructions focus on the security control changes that are needed to
Ch. 11 Review
1. What member of an organization should decide where the information security function
belongs within the organizational structure? Why?
a. There is not a specific department or individual that decides where the information
Ch. 4 Review
1. How can a security framework assist in the design and implementation of a security
infrastructure? What is information security governance? Who in the organization should
plan for it?
a. Security framework can assist in the design
Ch. 6 Review
1. What is the typical relationship among the untrusted network, the firewall, and the
a. The relationship is that data is only limited to what firewalls allow via specific places
called ports. There is the untrusted
Ch. 2 Review
1. Why is information security a management problem? What can management do that
a. It is a management problem because it has more to do with risk management, policy,
and its enforcement than the technology of its i
Ch. 5 Review
1. What is risk management? Why is the identification of risks and vulnerabilities to
assets so important in risk management?
a. Risk management is the process of identifying vulnerabilities in an organizations
information system and
Ch. 3 Review
1. What is the difference between law and ethics?
a. Laws are rules that mandate or prohibit certain behavior and are enforced by the state.
Ethics are codes or principles of an individual or group that regulate and define acceptable
Critical Characteristics of Information
Availability: This allows authorized users to have access to the information they need. Making sure only
authorized users have access to the information is a key aspect of availability. To ensure authorized
Threat: I can be considered an indirect threat while browsing the internet on my personal computer. I
could accidentally download malicious software that could collect sensitive information stored on my
computer, such as, passwords, tax returns or banking
IAAS 221 EXAM 2
2 out of 2 points
The value of information to the organization's competition should influence the asset's valuation.
2 out of 2 points
ISA Server can use _ technology.
Other good examples would be; Malware protection,
Central Michigan University
Bachelor of Information Technology and Security
Chapter 3 Exercises
1.What does CISSP stand for? Use the internet to identify the ethical rules CISSP holders have
agreed to follow.
CISSP stands for Certified Information Systems Security Professional.
September 20th, 2016
Why is information security a management problem? What can
management do that technology cannot?
Management is responsible for implementing information security to protect
the ability of the organiza
2. There a lot of organization for veterans in the kent county area that offer numerous of different type
of course on security. They are free to veterans and service members. There so many I will include the