Management of Information Security 4th Edition – Test Bank

$25.00

Edition: 4th Edition

Format: Downloadable ZIP File

Resource Type: Test Bank

Duration: Unlimited downloads

Delivery: Instant Download

Management of Information Security 4th Edition – Test Bank

Chapter 04 – Information Security Policy

TRUE/FALSE

1.Policies must specify penalties for unacceptable behavior and define an appeals process.

ANS: T PTS: 1 REF: 128

2.One of the goals of an issue-specific security policy is to indemnify the organization against liability for an employee’s inappropriate or illegal use of the system.

ANS: T PTS: 1 REF: 128

3.Users have the right to use an organization’s information systems to browse the Web, even if this right is not specified in the ISSP.

ANS: F PTS: 1 REF: 135

4.Rule-based policies are less specific to the operation of a system than access control lists.

ANS: F PTS: 1 REF: 142

5.Since most policies are drafted by a single person and then reviewed by a higher-level manager, employee input should not be considered since it makes the process too complex.

ANS: F PTS: 1 REF: 155

MULTIPLE CHOICE

1.Which of the following is NOT one of the basic rules that must be followed when shaping a policy?

a.	policy should never conflict with law	c.	policy should be agreed upon by all employees and management
b.	policy must be able to stand up in court if challenged	d.	policy must be properly supported and administered

ANS: C PTS: 1 REF: 125

2.Which of the following is a policy implementation model that addresses issues by moving from the general to the specific and is a proven mechanism for prioritizing complex changes?

a.	On-target model	c.	Bull’s-eye model
b.	Wood’s model	d.	Bergeron and Berube model

ANS: C PTS: 1 REF: 126

3.Which of the following is NOT among the three types of InfoSec policies based on NIST’s Special Publication 800-14?

a.	Enterprise information security policy
b.	User-specific security policies
c.	Issue-specific security policies
d.	System-specific security policies

ANS: B PTS: 1 REF: 128

4.In addition to specifying the penalties for unacceptable behavior, what else must a policy specify?

a.	appeals process	c.	what must be done to comply
b.	legal recourse	d.	the proper operation of equipment

ANS: A PTS: 1 REF: 128

5.Which policy is the highest level of policy and is usually created first?

a.	SysSP	c.	ISSP
b.	USSP	d.	EISP

ANS: D PTS: 1 REF: 128

6.Which type of document is a more detailed statement of what must be done to comply with a policy?

a.	procedure	c.	guideline
b.	standard	d.	practice

ANS: B PTS: 1 REF: 128

MAECENAS IACULIS

Vestibulum curae torquent diam diam commodo parturient penatibus nunc dui adipiscing convallis bulum parturient suspendisse parturient a.Parturient in parturient scelerisque nibh lectus quam a natoque adipiscing a vestibulum hendrerit et pharetra fames nunc natoque dui.

ADIPISCING CONVALLIS BULUM

Vestibulum penatibus nunc dui adipiscing convallis bulum parturient suspendisse.
Abitur parturient praesent lectus quam a natoque adipiscing a vestibulum hendre.
Diam parturient dictumst parturient scelerisque nibh lectus.

Scelerisque adipiscing bibendum sem vestibulum et in a a a purus lectus faucibus lobortis tincidunt purus lectus nisl class eros.Condimentum a et ullamcorper dictumst mus et tristique elementum nam inceptos hac parturient scelerisque vestibulum amet elit ut volutpat.