Terms in this set (40)

1. Which formula is typically used to describe the components of information security risks?
A. Risk = Likelihood X Vulnerability
Answer: B. Risk = Threat X Vulnerability

2. Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?
A. Description of the risk
Answer: C. Risk survey results

3. Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?
A. Recovery time objective (RTO)
Answer: A. Recovery time objective (RTO)

4. Which one of the following is an example of a direct cost that might result from a business disruption?
A. Damaged reputation
Answer: D. Facility repair

5. Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?
A. Disaster recovery plan (DRP)
Answer: C. Business continuity plan (BCP)

6. What is the first step in a disaster recovery effort?
A. Respond to the disaster.
Answer: D. Ensure that everyone is safe.

7. Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?
A. Hot site
Answer: B. Warm site
A warm site balances cost and switchover time. It is less expensive than a hot site but can activate more quickly than a cold site.

8. Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?
A. Checklist test
Answer: C. Parallel test

9. As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
A. Checklist test
Answer: C. Simulation test

10. Which one of the following is an example of a reactive disaster recovery control?
A. Moving to a warm site
Answer: A. Moving to a warm site

11. George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?
A. Risk Management Guide for Information Technology Systems (NIST SP800-30)
Answer: A. Risk Management Guide for Information Technology Systems (NIST SP800-30)
NIST SP800-30, "Risk Management Guide for Information Technology Systems," is a widely used guide for IT security assessments. It contains specific guidance for U.S. government agencies and would be the most appropriate methodology for use in a federal government setting.

12. Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to health care providers?
A. FFIEC
Answer: C. HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) governs the way doctors, hospitals, and other health care providers handle personal medical information. HIPAA requires that all medical records, billing, and patient information be handled in ways that maintain the patient's privacy.

13. A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
A. Health Insurance Portability and Accountability Act (HIPAA)
Answer: B. Payment Card Industry Data Security Standard (PCI DSS)

14. The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
A. 11
Answer: B. 13

15. Which one of the following is the best example of an authorization control?
A. Biometric device
Answer: C. Access control lists
Once you have authenticated a user, access controls help ensure that only authorized users can access the protected resources. Authorization controls include access control lists, intrusion prevention systems, and network traffic filters.

16. Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?
A. Support ownership
Answer: D. Data ownership

17. What is NOT a commonly used endpoint security technique?
A. Full device encryption
Answer: B. Network firewall

18. What is NOT one of the three tenets of information security?
A. Confidentiality
Answer: C. Safety

19. What compliance regulation applies specifically to the educational records maintained by schools about students?
A. Family Educational Rights and Privacy Act (FERPA)
Answer: A. Family Educational Rights and Privacy Act (FERPA)

20. What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
A. Hardware and data that mirror the primary site
Answer: D. No technology infrastructure

21. The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
A. True
Answer: A. True

22. The term risk methodology refers to a list of identified risks that results from the risk-identification process.
A. True
Answer: B. False

23. The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
A. True
Answer: A. True

24. The recovery point objective (RPO) is the maximum amount of data loss that is acceptable.
A. True
Answer: A. True

25. The business impact analysis (BIA) identifies the resources for which a business continuity plan (BCP) is necessary.
A. True
Answer: A. True

26. Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP).
A. True
Answer: B. False

27. A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
A. True
Answer: A. True

28. The first step in creating a comprehensive disaster recovery plan (DRP) is to document likely impact scenarios.
A. True
Answer: B. False

29. Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time.
A. True
Answer: B. False

30. Most enterprises are well prepared for a disaster should one occur.
A. True
Answer: B. False

31. A surge protector is an example of a preventative component of a disaster recovery plan (DRP).
A. True
Answer: A. True

32. A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
A. True
Answer: B. False

33. The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry.
A. True
Answer: A. True

34. The Government Information Security Reform Act (Security Reform Act) of 2000 focuses on management and evaluation of the security of unclassified and national security systems.
A. True
Answer: A. True

35. Authentication controls include passwords and personal identification numbers (PINs).
A. True
Answer: A. True

36. Authorization controls include biometric devices.
A. True
Answer: B. False

37. In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.
A. True
Answer: A. True

38. Remote wiping is a device security control that allows an organization to remotely erase data or email in the event of loss or theft of the device.
A. True
Answer: A. True

39. Screen locks are a form of endpoint device security control.
A. True
Answer: A. True

40. Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device.
A. True
Answer: B. False
What is the main purpose of the Gramm-Leach-Bliley Act (GLBA)?
The Gramm-Leach-Bliley Act requires financial institutions (companies that offer consumers financial products or services such as loans, financial or investment advice, or insurance) to explain their information-sharing practices to their customers and to safeguard sensitive data.
The GLBA's original legislative purpose was to remove legal barriers preventing financial institutions from providing banking, investment, and insurance services together.

How does GLBA impact information systems security?
The main focus of the GLBA, from a security standpoint, is to expand and tighten consumer data privacy safeguards and restrictions. The primary GLBA-related concern of IT professionals and financial institutions is to secure, and ensure the confidentiality of, customers' private and financial information.

What are the main security requirements of the GLBA law?
The Safeguards Rule requires that any institution covered by the GLBA protect, through administrative, technical, and physical means, the confidentiality, integrity, and security of any nonpublic personal information that the institution retains.