INFO 420/CT 431 Exam 1
Directions Short Answer: Provide a short answer for the following
question. Choose 4 out of 5 questions. Put an X through the one short answer
question you skip.
1. What is a business case?
Business case is an analysis of the organi
How would having a clear MOV and business case help Wal-Mart and its suppliers decide
whether an RFID supply chain makes good sense for everyone?
Lack of a clear business plan is a reason for many failures. Wal-Mart should assess the
problem and should co
Social software can provide a number of opportunities for managing projects. What are some
challenges or issues that should be considered before a project team implements a blog or a wiki?
Cultural consideration The content of the blogs must be reviewe
CT120-Database I - Final Exam - Chapters 4 and 5
Indicate whether the statement is true or false.
1. Constraints are rules used to enforce business rules, practices, and policies.
2. Constraints are used to ensure the accura
Chapter 4 Questions
1. What are the phases of the overall IR development process? (P. 133)
The overall IR process is made up of several phases: preparation, detection and
analysis, containment, eradication and recovery, and post-incident activit
Answer the following Questions 20 points total
Chapter 8 Questions
1. What is an incident damage assessment? (p. 315)
An incident damage assessment is the initial determination of the scope of the breach of
confidentiality, integrity, and availability of information and information assets.
Chapter 9 Questions
Why do some organizations abdicate all responsibility for DR planning to the IT
Department? (p. 370)
The disaster recovery elements of the contingency planning process are often taken for
granted in many organizations. The
Chapter 12 Questions
1. What is a business crisis? (p.479)
A business crisis is a significant business disruption that stimulates extensive news media
coverage. The resulting public scrutiny can affect the organization's normal operations
Chapter 6 Questions
What is the formal definition of a CSIRT? (p. 233)
Computer Security Incident Response Team, based on its policies, procedures, and
training, responds to the notice and works to regain control of the in
Chapter 2 Questions
What is the first step in beginning the contingency planning process?
To begin the process of planning for contingencies, an organization must first establish an
entity that will be responsible for the policy and p
Chapter 10 Questions
What are the ongoing challenges associated with local emergency services, service
providers, and community-related issues that organizations face when confronted with a
disaster? (p. 411)
In many disasters, outside help m
Chapter 5 Questions
From the perspective of incident response, what is an event? (P. 167)
When an adverse event becomes a genuine threat to the ongoing operations of an
organization, it is classified as an incident.
What is an incident cand
Chapter 11 Questions
What is BCP? (p.439)
Business continuity planning represents the final response of the organization when
faced with any interruption of its critical operations. It is the rapid relocation of an
organization's critical busi
Chapter 7 Questions
What is an IR reaction strategy? (p. 269)
IR reaction strategies are procedures for regaining control of systems and restoring
operations to normalcy.
If an organization chooses the protect and forget instead of the appre
Chapter 3 Questions
1. What purpose does business resumption planning serve? (p.91)
When the incident response (IR) process cannot contain and resolve an
incident, the company turns to the business resumption plan (BRP) to
help resume normal ope
Unit 2 assignment:
Part 1: 30 points total
Why is information security a management problem? What can management do that
Security implementation has more to do with management than technology. Management
implement and e
CT 300 Unit 6 Chapter 7
What is benchmarking?
a. Benchmarking can be defined as the process which involves the procedure to adhere to
the recommended and active practices that are followed by related firms
What is the standard of due care
Assignment: Unit 3
The Department of Defense is dedicated to protecting their own from terrorism. Whether
they are safeguarding DoD personnel, their families, installations, facilities, information
or any other related mate
Assignment: Unit 4
You are appointed as an information technology (IT) security manager in the XYZ
health care organization.
This large, publicly traded health care organization has 25 sites across the
region with 2,000 staf
1. What are the four parts of the administrative simplification requirements of HIPAA?
a. There are four parts to HIPAA's Administrative Simplification:
i. Electronic transactions and code sets standards requirements
ii. Privacy requirements
1. What is information security policy? Why is it critical to the success of the InfoSec program?
a. Information security policy refers to a set of policies prepared by an organization. It
makes sure that all users within the province of the organization
What is the difference between DITSCAP and DIACAP?
a. The difference between DITSCAP and DIACAP is with DITSCAP, the accreditation status is
communicated via letter and status code. With DIACAP the accreditation status is
communicated by assigned IA Co
What section of the SOX compliance law requires proper controls to ensure confidentiality and
integrity of financial information and record-keeping within IT infrastructure?
a. Most of the IT department's responsibilities in the SOX Act fall under secti
1. What is the name for the broad process of planning for the unexpected? What are its three
a. Contingency planning
i. Business Impact Analysis (BIA): Is an introductory activity to both risk
management and for contingency planning. I