FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 4: Information Security Policy

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 21

Short Answer

Review LaterAdd Note

Review Later

The ____________________ layer is the place where threats from public networks meet the organization's networking infrastructure in the bull's-eye model.

Correct Answer

verified

Show Answer

Question 22

Multiple Choice

Review LaterAdd Note

Review Later

Policies must also specify the penalties for unacceptable behavior and define a(n) ____.

A) appeals process
B) legal recourse
C) responsible managers
D) requirements for revision

E) B) and C)
F) A) and D)

Correct Answer

verified

Show Answer

Question 23

Multiple Choice

Review LaterAdd Note

According to Confucius,"Tell me,and I forget; show me,and I remember; let me do and I ____."

Typically,the information security policy administrator is ____.

Information security policies do not require a champion.

To ensure ____,an organization must demonstrate that it is continuously attempting to meet the requirements of the market in which it operates.

A(n)____________________ screen is an acknowledgment screen that does not require any unusual action on the part of the user to move past the screen.

The Prohibited Usage of Equipment section of the ISSP specifies the penalties and repercussions of violating the usage and systems management policies._________________________

A risk assessment is performed during the ____ phase of the SecSDLC.

For most corporate documents,a score of ____ is preferred as a Flesch-Kincaid Grade Level score.

A policy should be "signed into law" by a high-level manager before the collection and review of employee input.

Information security is defined in the ____ component of an EISP.

The three types of information security policies include enterprise information security program policy,issue-specific security policies,and ____________________ security policies.

An organization may include a set of disclaimers in the ____ section of the ISSP.

When more than two audiences are to be addressed by separate policy documents,it is recommended that a(n)____________________ be prepared before actually writing the first draft policy documents.

In the modular approach to creating the ISSP,each of the modules is created and updated by the individuals who are responsible for a specific issue.

Access control lists can be used to control access to file storage systems.

____ are used to create procedures.

Which of the following would not necessarily be a good reference or resource in writing good policy documents from scratch?

A detailed outline of the scope of the policy development project is created during the ____ phase of the SecSDLC.