Chapter 2 Review Questions
1. To protect the company to be able to operate and function. Managing information
security has more to do with policy and its enforcement than with technology of its
2. an organization loses its record of transa
LP3 Assignment: Ch3 Review Questions
1. Law is rules that are enforced by the state. Ethics are codes and standards that are acceptable.
2. Variety of laws that govern a nation or state and deal with the relationships and conflicts
LP8 Assignment: Ch8 Review Questions
1. Cryptography is the process of making and using codes to secure the transmission of
information, and cryptanalysis is the process of obtaining the original message (called the
plaintext) from an encrypted message (c
1. A threat is a category of objects, people or other entities that pose a danger to an asset where a
threat agent is a specific instance or component of a threat
2. Vulnerability is a weakness in a system therefore exposure would be the condition or stat
LP4 Assignment: Ch5 Review Questions
1. The process of identifying risk, represented by vulnerabilities on an organizations information
assets and infrastructure, and taking steps to reduce this risk to an acceptable level. It is a
starting point for the
LP6 Assignment: Ch6 Review Questions
1. The relationship is that data is only limited to what firewalls allow via specific places called ports.
There is the untrusted network on the outside, then the firewall which prevents unwanted or
LP4 Assignment: Ch3 Review Questions
1. By creating or validating an existing security blueprint for the implementation of needed security
controls to protect the information assets. A framework is the outline from which a more
detailed blueprint evolves.
LP7 Assignment: Ch7 Review Questions
1. IDPSs are much like burglar alarms. They both will monitor an area for actions that may
represent a threat and sound an alarm when those actions are detected.
2. A false positive seems like an alert, but is in fact,