User Account

All Pages

Security awareness programs for the organization

Assignment Help Computer Engineering
Reference no: EM131722579

TRUE/FALSE QUESTIONS:

1. Threats are attacks carried out.

2. Computer security is protection of the integrity, availability, and confidentiality of information system resources.

3. Data integrity assures that information and programs are changed only in a specified and authorized manner.

4. Availability assures that systems works promptly and service is not denied to authorized users.

5. The "A" in the CIA triad stands for "authenticity".

6. Computer security is essentially a battle of wits between a perpetrator who tries to find holes and the administrator who tries to close them.

7. Many security administrators view strong security as an impediment to efficient and user-friendly operation of an information system.

8. Hardware is the most vulnerable to attack and the least susceptible to automated controls.

9. Contingency planning is a functional area that primarily requires computer security technical measures.

10. X.800 architecture was developed as an international standard and focuses on security in the context of networks and communications.

11. Assurance is the process of examining a computer product or system with respect to certain criteria.

12. One of the most influential computer security models is the Bell-LaPadula model.

13. The BLP model effectively breaks down when (untrusted) low classified executable data are allowed to be executed by a high clearance (trusted) subject.

14. The Biba models deals with confidentiality and is concerned with unauthorized disclosure of information.

15. Multilevel security is of interest when there is a requirement to maintain a resource in which multiple levels of data sensitivity are defined.

16. The addition of multilevel security to a database system does not increase the complexity of the access control function.

17. The Common Criteria for Information Technology and Security Evaluation are ISO standards for specifying security requirements and defining evaluation criteria.

18. Organizational security objectives identify what IT security outcomes should be achieved.

19. The assignment of responsibilities relating to the management of IT security and the organizational infrastructure is not addressed in a corporate security policy.

20. It is not critical that an organization's IT security policy have full approval or buy-in by senior management.

21. Because the responsibility for IT security is shared across the organization, there is a risk of inconsistent implementation of security and a loss of central monitoring and control.

22. A major disadvantage of the baseline risk assessment approach is the significant cost in time, resources, and expertise needed to perform the analysis.

23. A threat may be either natural or human made and may be accidental or deliberate.

24. To ensure that a suitable level of security is maintained, management must follow up the implementation with an evaluation of the effectiveness of the security controls.

25. Detection and recovery controls provide a means to restore lost computing resources.

26. Physical access or environmental controls are only relevant to areas housing the relevant equipment.

27. Once in place controls cannot be adjusted, regardless of the results of risk assessment of systems in the organization.

28. It is likely that the organization will not have the resources to implement all the recommended controls.

29. The selection of recommended controls is not guided by legal requirements.

30. The implementation phase comprises not only the direct implementation of the controls, but also the associated training and general security awareness programs for the organization.

31. Appropriate security awareness training for all personnel in an organization, along with specific training relating to particular systems and controls, is an essential component in implementing controls.

32. Security architecture, and which controls you elect to put in place, should be risk-based and driven by business needs, expressed in policy.

33. For the cost effect, Commercial organizations and federal agencies tend to have a simple security architecture, whether explicit or not.

34. The ISO/IEC 27000 series is much more commonly applied in government than in commercial organizations.

35. Management should set a simple policy direction in line with business plans and demonstrate support for, and commitment to, IT security through the issue and maintenance of an IT security policy across the organization.

36. Access to information, information processing facilities, and business processes should be controlled on the basis of employee's requirements.

37. Access control rules do not have to take account of policies for information dissemination and authorization.

38. NIST Special Publication 800-53 Recommended Security Controls for Commercial Information Systems.

39. The primary characteristic of the SABSA model is that everything must be derived from an analysis of the user's requirements for security.

40. COBIT includes best practices, measures, and processes organizations can implement to standardize (and theoretically improve) IT management.

Reference no: EM131722579

Questions Cloud

Marketing strategies of smes : Marketing strategies of SMEs - Explain in general what do you mean by research strategy - Explain in general what do you mean by research philosophy
Form of personality development : Talk a bit about how the techniques (operant conditioning) in this form of personality development may have been used by your parents
Determine three to four challenges you may encounter : Provide an example situation that utilizes the five-step plan, and determine three to four challenges you may encounter using this approach.
Business contributions of diverse workers : What is your opinion about the workforce composition and the business contributions of diverse workers.
Security awareness programs for the organization : Security architecture, and which controls you elect to put in place, should be risk-based and driven by business needs, expressed in policy.
Explaining the reasoning behind your thoughts and actions : assume the role of either Marietta or Jeremy. Write a 400 word essay explaining the reasoning behind your thoughts and actions.
Effective leadership abilities are fundamental : Effective leadership abilities are fundamental whether it's in the work environment, in the home, and at school. In section 8 the subject of talk
In reviewing a claim under the equal pay act : In reviewing a claim under the Equal Pay Act, do the courts require that the jobs in question be identical?
How to provide professional constructive feedback : For example, perhaps you are in a leadership role at Y Company and you want to train others on how to provide professional constructive feedback.

Reviews

Write a Review

Computer Engineering Questions & Answers

  View the process of making changes as recursive

You can view the process of making changes as recursive - I can't do this problem for some reason could somebody provide the answer of the given question?

  A digital representation of information oten includes a

a digital representation of information oten involves a tradeoff between the amount of storage required and the

  Define your usage of the mailing list

plan an E-R Diagram showing each entity, its attributes, and it relationships to the other entities. State any assumptions you make. Also Describe your usage of the mailing list, including the dates and subjects of the postings.

  Comparing the product attributes of companies

Compare and contrast their product attributes in order to understand whether the offerings are becoming differentiated or more alike as a result.

  The process of doing dissertation and the details are as

the process of doing dissertation and the details are as below.the main idea of the project is simultaneous

  Representation in both hexadecimal and binary

Show 75 in the IEEE single precision floating point representation in both Hexadecimal and Binary. Please demonstrate the steps so I can emulate.

  Which will be executed had these names

How would I write down a shell script to locate executable files? This script takes a list of file names from the command line and determines which would be executed had these names been given as commands.

  Main window with a game menu

Change your code so that when the purchase button is pressed, a dialog box appears to allow the user to enter purchasing information and to confirm the purchase.

  Questionboolean calculator two continue solution program

questionboolean calculator two continue solution program from the preceding exercise by implementing following

  What was the strategic benefit to microsoft of outsourcing

what was the strategic advantage to microsoft of outsourcing xbox production to flextronics?what were the risks

  What is the maximum allowable conversion time for the a-d

An A/D convener is required to digitize a I kHz. sinusoidal waveform. What is the maximum allowable conversion time for the A/D?

  Find out a description of a software development process

Find out a description of a software development process,preferably with a description on the web.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd