SCIA 370 Chapter 2

Description

Test 1 chapters 1-5
Tyler Rock
Created by Tyler Rock about 5 years ago

Resource summary

Question: Although it is impossible to eliminate all business risks, a good policy can reduce the likelihood of a risk occurring or reduce its impact. A business must find a way to balance a number of competing drivers. Which of the following is not one of these drivers?
A. Cost B. Customer satisfaction C. Compliance D. Regulation
Answer: D. Regulation

Question: A(n) ___________________ is a confirmed event that compromises the confidentiality, integrity, or availability of information.
A. Breach B. Residual risk C. Operational deviation D. Threat
Answer: A. Breach

Question: In 2013, the national retailer Target Corporation suffered a major data breach that put the financial information of an estimated 40 million customers at risk. In 2009, the health care provider BlueCross BlueShield of Tennessee reported the theft of 57 hard drives. Both of these cases resulted from a(n) ________________ failure.
A. Regulation B. Security policy C. Intellectual property D. Compliance
Answer: B. Security policy

Question: The key to security policy is being able to measure compliance against a set of controls. Security controls define ___________ you protect the information; security policies define ___________ you set the goal.
A. how, why B. why, how C. whether, if D. where, when
Answer: A. how, why

Question: An organization mandates that all attempts by traders to use the Internet must be logged, and that each trader's log must be reviewed by a manager at least monthly to ensure compliance. Which of the following questions concerning security is being addressed?
A. How will information be protected? B. Why is the security goal being set? C. What type of protection will be achieved? D. How do you measure whether both the policy and the right processes were followed?
Answer: D. How do you measure whether both the policy and the right processes were followed?

Question: There are many distinct benefits to control measurement. Which of the following benefits is the result of determining which security controls to measure?
A. Defines the effectiveness of the controls being measured B. Defines the scope of the compliance being measured C. Defines the impact to the business if the goals are not achieved D. Defines how the policy will be enforced
Answer: B. Defines the scope of the compliance being measured

Question: A number of classifications can be applied to security controls. Which of the following is not one of the classifications?
A. Physical control B. Administrative control C. Preventive control D. Technical control
Answer: C. Preventive control (preventive, detective, and corrective describe a control's design type, not its classification)

Question: Which of the following security control design types does not prevent incidents or breaches immediately and relies on a human to decide what action to take?
A. Detective control B. Automated control C. Corrective control D. Preventive control
Answer: A. Detective control

Question: If human action is required, the control is considered _______________.
A. Corrective B. Automated C. Manual D. Preventive
Answer: C. Manual

Question: A good security awareness program makes employees aware of the behaviors expected of them. All security awareness programs have two enforcement components: the carrot and the stick. Which of the following best captures the relationship of the two components?
A. The carrot reminds the employees of the consequences of not following policy, and the stick aims to educate the employee about the importance of security policies. B. The carrot reminds employees that it is up to them whether to follow security policies, and the stick provides positive reinforcement for following policies. C. The carrot aims to educate the employee about the importance of security policies, and the stick reminds the employees of the consequences of not following policy. D. The carrot reminds employees exactly what the security policies are, and the stick provides the reward for remembering those policies.
Answer: C. The carrot aims to educate the employee about the importance of security policies, and the stick reminds the employees of the consequences of not following policy.

Question: A security awareness program can be implemented in many ways. Which of the following is the list of generally accepted principles for implementing a program?
A. Value, culture, support, relevance, metrics B. Repetition, on-boarding, support, relevance, metrics C. Label, classify, restrict, educate, support D. Repetition, classify, support, relevance, filter
Answer: B. Repetition, on-boarding, support, relevance, metrics

Question: A security awareness program gains credibility when the business sees a reduction of risk, and there are multiple benefits that come with a security awareness program that emphasizes the business risk. Which of the following is not one of the benefits?
A. Value B. Culture C. Resiliency D. Relevance
Answer: D. Relevance

Question: In business, intellectual property (IP) is a term applied broadly to any company information that is thought to bring an advantage. Protecting IP through security policies starts with human resources (HR). Which of the following is a challenge concerning HR policies about IP?
A. HR policies are not legally permitted to establish a code of conduct regarding IP; they can only recommend best practices. B. Due to confidentiality, HR policies are prohibited from giving employees clear direction as to what the organization owns with respect to IP. C. HR policies and employment agreements about IP may or may not be enforceable, depending on current law and location. D. HR employment agreements enforce the confidentiality of IP after an employee leaves the organization.
Answer: C. HR policies and employment agreements about IP may or may not be enforceable, depending on current law and location.

Question: Once an organization clearly defines its IP, the security policies should specify how to ___________ documents with marks or comments, and how to ____________ the data, which determines in what location the sensitive file should be placed.
A. label, classify B. restrict, filter C. label, filter D. classify, restrict
Answer: A. label, classify

Question: _______________ are owned by an organization if they are created on the computer by company employees or if the assets were custom developed for and purchased by the organization.
A. Intellectual properties B. Digital assets C. Classified data D. Security controls
Answer: B. Digital assets

Question: The most senior leader responsible for managing an organization's privacy-related risks is the chief privacy officer (CPO). Which of the following is not one of the responsibilities of the CPO?
A. The CPO is responsible for keeping up with privacy laws. B. The CPO also needs to understand how the laws impact the business. C. The CPO must be a lawyer. D. The CPO must work closely with a technology team to create strong security policies.
Answer: C. The CPO must be a lawyer.

Question: Privacy regulations involve two important principles. _____________________ gives the consumer an understanding of what data is collected and how it is used. ________________________ provides a standard for handling consumer information.
A. Business liability, Legal obligation B. Acceptable use policies, Data encryption C. Full disclosure, Legal obligation D. Full disclosure, Data encryption
Answer: D. Full disclosure, Data encryption

Question: Which of the following statements describes the difference between business liability and a business's legal obligation?
A. Business liability occurs when a company fails to meet its obligation to its employees and community. A business's legal obligation is an action that it is required to take in compliance with the law. B. Business obligation occurs when an organization cannot meet its business liability. C. A business's liability is an action the business is required to take in compliance with the law, whereas a business obligation occurs when a company fails to meet the standards established by its employees and community. D. Business liability is a legal commitment, whereas business obligation is a subset of an organization's overall risk exposure.
Answer: A. Business liability occurs when a company fails to meet its obligation to its employees and community. A business's legal obligation is an action that it is required to take in compliance with the law.

Question: ___________________________ are formal written policies describing employee behavior when using company computer and network systems.
A. Mitigating controls B. Nondisclosure agreements C. Confidentiality agreements D. Acceptable use policies
Answer: D. Acceptable use policies

Question: When trying to achieve operational consistency, which of the following oversight phases performs the function of periodically assessing to ensure that the desired results are achieved?
A. Improve B. Measure C. Review D. Manage
Answer: C. Review