1. Assurance is the process of examining a computer product or system with respect to certain criteria.
2. Problems with providing strong computer security involve only the design phase.
3. IT security management has evolved considerably over the last few decades due to the rise in risks to networked systems.
4. To ensure that a suitable level of security is maintained, management must follow up the implementation with an evaluation of the effectiveness of the security controls.
MULTIPLE CHOICE QUESTIONS
5. __________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.
A. Availability B. Privacy
C. System Integrity D. Data Integrity
6. Security classes are referred to as __________.
A. security clearances B. security classifications
C. security levels D. security properties
7. __________ ensures that critical assets are sufficiently protected in a cost-effective manner.
A. IT control B. IT security management
C. IT discipline D. IT risk implementations
8. The intent of the ________ is to provide a clear overview of how an organization’s IT infrastructure supports its overall business objectives.
A. risk register B. corporate security policy
C. vulnerability source D. threat assessment
9. Which of the following supports the defense-in-depth strategy?
A. Abstraction B. Data Hiding
C. Layering D. Encryption
10. The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.
B. Asset management
D. Business continuity management
11. Which of the following is not a security architecture framework?
A. Sherwood Applied Business Security Architecture (SABSA)
B. NIST Special publication 800-53
C. ISO 27001 & 27002
D. Open Web Application Security Project (OWASP)
12. Which security management is considered complementary to ISO 27001 & 27002?
C. NIST Special publication 800-53
13. The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.
A. asset management
B. business continuity management
C. information security incident management
D. physical and environmental security
FILL-IN-THE-BLANK QUESTIONS
14. A loss of _________ is the disruption of access to or use of information or an information system.
15. A subject is said to have a security _________ of a given level.
16. ISO details a model process for managing information security that comprises the following steps: plan, do, ________, and act.
17. A _________ on an organization’s IT systems identifies areas needing treatment.
Answer: Risk Assessment
SHORT ANSWER QUESTIONS
18. Consider a desktop publishing system used to produce documents for various organizations. Give an example in which system availability is the most important requirement. Please be very brief.
19. The necessity of the “no read up” rule for multilevel security is fairly obvious. What is the importance of the “no write down” rule?
20. List and briefly define the five alternatives for treating identified risks.