User Account

All Pages

Should be risk-based and driven by business needs

Assignment Help Management Information Sys
Reference no: EM131256033

TRUE/FALSE QUESTIONS:

1. Threats are attacks carried out.

2. Computer security is protection of the integrity, availability, and confidentiality of information system resources.

3. Data integrity assures that information and programs are changed only in a specified and authorized manner.

4. Availability assures that systems works promptly and service is not denied to authorized users.

5. The "A" in the CIA triad stands for "authenticity".

6. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them.

7. Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system.

8. Hardware is the most vulnerable to attack and the least susceptible to automated controls.

9. Contingency planning is a functional area that primarily requires computer security technical measures.

10. X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications.

11. Assurance is the process of examining a computer product or system with respect to certain criteria.

12. One of the most influential computer security models is the Bell-LaPadula model.

13. The BLP model effectively breaks down when (untrusted) low classified executable data are allowed to be executed by a high clearance (trusted) subject.

14. The Biba models deals with confidentiality and is concerned with unauthorized disclosure of information.

15. Multilevel security is of interest when there is a requirement to maintain a resource in which multiple levels of data sensitivity are defined.

16. The addition of multilevel security to a database system does not increase the complexity of the access control function.

17. The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria.

18. Organizational security objectives identify what IT security outcomes should be achieved.

19. The assignment of responsibilities relating to the management of IT security and the organizational infrastructure is not addressed in a corporate security policy.

20. It is not critical that an organization's IT security policy have full approval or buy-in by senior management.

21. Because the responsibility for IT security is shared across the organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.

22. A major disadvantage of the baseline risk assessment approach is the significant cost in time, resources, and expertise needed to perform the analysis.

23. A threat may be either natural or human made and may be accidental or deliberate.

24. To ensure that a suitable level of security is maintained, management must follow up the implementation with an evaluation of the effectiveness of the security controls.

25. Detection and recovery controls provide a means to restore lost computing resources.

26. Physical access or environmental controls are only relevant to areas housing the relevant equipment.

27. Once in place controls cannot be adjusted, regardless of the results of risk assessment of systems in the organization.

28. It is likely that the organization will not have the resources to implement all the recommended controls.

29. The selection of recommended controls is not guided by legal requirements.

30. The implementation phase comprises not only the direct implementation of the controls, but also the associated training and general security awareness programs for the organization.

31. Appropriate security awareness training for all personnel in an organization, along with specific training relating to particular systems and controls, is an essential component in implementing controls.

32. Security architecture, and which controls you elect to put in place, should be risk-based and driven by business needs, expressed in policy.

33. For the cost effect, Commercial organizations and federal agencies tend to have a simple security architecture, whether explicit or not.

34. The ISO/IEC 27000 series is much more commonly applied in government than in commercial organizations.

35. Management should set a simple policy direction in line with business plans and demonstrate support for, and commitment to, IT security through the issue and maintenance of an IT security policy across the organization.

36. Access to information, information processing facilities, and business processes should be controlled on the basis of employee's requirements.

37. Access control rules do not have to take account of policies for information dissemination and authorization.

38. NIST Special Publication 800-53 Recommended Security Controls for Commercial Information Systems.

39. The primary characteristic of the SABSA model is that everything must be derived from an analysis of the user's requirements for security.

40. COBIT includes best practices, measures, and processes organizations can implement to standardize (and theoretically improve) IT management.

Reference no: EM131256033

Questions Cloud

Identifies potential sources of supply : Explain how a buyer identifies potential sources of supply, what tools are used, and when it is necessary to look for new suppliers?
Systems inventory and intermittent systems inventory : 1. Explain the functions of both continuous systems inventory and intermittent systems inventory, and then in your own words, explain the five main types of inventory and why they are necessary.
Agree with the results of your assessment : Write a 1,050-word paper in which you address the following: Do you agree with the results of your assessment? Based on the results of your assessment, what do you see as your strengths and weaknesses?
Purchase the ruby red slippers worn : Dorothy Fan entered into a written contract to purchase the ruby red slippers worn in The Wizard of Oz. She and the owner signed the contract and she agreed to pay $500,000. The owner of the ruby slippers then changed his mind. If Dorothy sues to ..
Should be risk-based and driven by business needs : Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them. Many security administrators view strong security as an impediment to efficient and user-friendly oper..
Compare and contrast your results using two theories : Compare and contrast your results using two theories; Choose the result that you consider to be the best resolution of the dilemma and explain why
Explain supply and demand : Please Explain supply and demand? The demand curve with microeconomic principles such as Monetary and Fisccal Policy? Price Elasticity, cross price elasticity, income elasticity, and price elasticity of supply?
Determine the required feed rate that will achieve : The surface finish specification in a turning job is 0.8 mm. The work material is cast iron. Cutting speed = 75 m/min, feed = 0.3 mm/rev, and depth of cut = 4.0 mm. The nose radius of the cutting tool must be selected. Determine the minimum nose r..
Capable of becoming best in class : What are some possible indicators on a supplier visit that might determine whether the managers in a company are forward looking or whether the company is capable of becoming best in class?

Reviews

Write a Review

Management Information Sys Questions & Answers

  Is managementthe is management position the coordinates all

is managementthe is management position the coordinates all systems maintenance projects allocates systems analysts and

  Discuss the implications of this concept on the cio

Reflect upon Robert Stephens' discussion of "Freedom with Fences" from Chapter 1 of CIO Best Practices. Discuss the implications of this concept on the CIO, the IT organization, and the technologies that are managed by the IT organization

  Document for frequent shopper program

Technical architecture document for frequent shopper program and Implementation steps and procedures necessary to achieve operational status

  Advantages and disadvantages of cloud computing

Predictions about its future. Advantages and disadvantages of cloud computing

  How the government can use prevention and resistance

Analyze how the government can use prevention and resistance technologies to safeguard its employees from hackers and viruses

  Explain what data protection would entail

Based on what you have learned about data protection in an online environment, prepare a 5-slide presentation to a department head or the CEO of a company to convince the audience that data protection controls would benefit their business.

  Defend against unauthorized access and data loss

defend against unauthorized access and data loss potentially compromising intellectual assets, sensitive data and the company's reputation in the marketplace.

  Explain business processes with a new mis

What attributes do you think make up a system that is optimized for the greatest convenience to users and What factors would lead a business to decide that it is time to improve its business processes with a new MIS?

  California city uses a police-beat allocation system it is

california city uses a police-beat allocation system it is an example of what?a california city uses a police-beat

  Organizational impacts of implementing the strategic plan

positive organizational impacts of implementing the strategic plan. Justify your response. and Specify the current situation of the company with regard to its technology and security aspects

  What is the purpose of the business impact analysis

What is the purpose of the business impact analysis (BIA)? What is the difference between a disaster recovery plan (DRP) and a business continuity plan (BCP)?

  What is a flexible budget

Even through all your telecommunications providers have upgraded to fiber optic cable, your heavily used company wide network is showing an unusually high rate of data collisions and data resends. Which of the following would be the LAST area of c..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd