18 Questions
What is an Access Control List (ACL)?
A set of rules that define which users or groups are granted access to a particular resource
What is a Capabilities Table?
A list of the access rights and privileges granted to a user or group
What is a Systems-Specific Security Policy (SysSP)?
A detailed policy that provides guidance for the use of a specific resource or technology
What is an Access Control Matrix?
An integration of access control lists and capability tables that results in a matrix with organizational assets and users
What is an Enterprise Information Security Policy (EISP)?
A high-level policy that sets the strategic direction, scope, and tone for all of an organization's security efforts
Which type of security policy provides detailed, targeted guidance for the use of a specific resource or technology?
Systems-Specific Security Policy (SysSP)
What is a capabilities table in the context of access control?
A list of user permissions associated with a particular subject
What is the primary purpose of a Systems-Specific Security Policy (SysSP)?
To express management's intent for the acquisition, implementation, configuration, and management of a particular technology
What is the difference between managerial guidance and technical specifications in a SysSP?
Managerial guidance is written from a business perspective, while technical specifications are written from a technical perspective
What is the role of a policy administrator in an organization?
To create, revise, distribute, and store policies
What is the purpose of a sunset clause in a policy or law?
To define the expected end date for the applicability of the policy or law
Which of the following is a key component of a technical specifications SysSP?
Configuration rules
Which of the following is a type of security policy that management must define?
Systems-Specific Security Policy (SysSP)
What is the term used to describe the layered implementation of security?
Defense in depth
Which of the following is considered one of the least frequently implemented but most beneficial programs in an organization?
Security awareness program
What should be a driving force in the planning and governance activities of an organization?
Enterprise information security policy (EISP)
Which of the following describes the steps that must be taken to conform to policies?
Standards
What is the term used to describe a detailed security policy that addresses a specific issue or topic?
Issue-specific security policy
Test your knowledge of the Enterprise Information Security Policy (EISP), which sets the strategic direction, scope, and tone for all of an organization's security efforts. Explore the standards and guidelines related to password requirements and overall information security practices.