Principles of Information Security Chapter 5 Quiz

What should security policies never contradict?

Security controls
Technological standards
Organizational laws (correct)
Management instructions

What is the role of policies in information security?

Serve as the basis for all information security efforts (correct)
Are the most expensive controls to execute
Direct how technologies should be used
Explain how to comply with standards

Which term refers to more detailed statements of what must be done to comply with policy?

Guidelines
Procedures
Standards (correct)
Practices

Why are security policies considered the least expensive controls to execute?

Because they require less technological investment (B) Signup and view all the answers

What is necessary for a policy to be effective, according to the text?

It must be strictly enforced (A) Signup and view all the answers

Which term is used alternatively to refer to an Enterprise Information Security Policy (EISP)?

Organizational Security Policy (A) Signup and view all the answers

What is a key role of management in information security?

Enforcing information security policies (D) Signup and view all the answers

What is the purpose of an information security blueprint?

To support the information security program (C) Signup and view all the answers

How can an organization institutionalize its information security policies?

Through education, training, and awareness programs (C) Signup and view all the answers

What is the relationship between contingency planning and incident response planning?

They serve the same purpose (A) Signup and view all the answers

How does strategic planning contribute to information security?

By determining the long-term direction of the organization (B) Signup and view all the answers

Why is the development of an information security blueprint essential for organizations?

To meet the information security needs of various communities of interest (A) Signup and view all the answers

What distinguishes an incident from a disaster?

The severity of the event (C) Signup and view all the answers

What is a key responsibility of the crisis management team during a disaster?

Keeping the public informed (A) Signup and view all the answers

What is an essential step in the contingency planning process?

Testing and revising the strategy (A) Signup and view all the answers

What is the purpose of off-site disaster data storage?

To facilitate quick recovery after a disaster (A) Signup and view all the answers

Who is responsible for determining the impact on normal business operations during a crisis?

Crisis management team (A) Signup and view all the answers

When should law enforcement be involved according to the text?

When an incident constitutes a violation of law (C) Signup and view all the answers

What is one advantage of involving law enforcement agencies in a case?

They may be better equipped at processing evidence (B) Signup and view all the answers

What is a disadvantage of involving law enforcement agencies in a case?

The organization's equipment may be tagged as evidence (D) Signup and view all the answers

Why is information security education, training, and awareness (SETA) important?

It decreases organizational resistance to attacks (B) Signup and view all the answers

What does contingency planning (CP) consist of?

Incident response planning, disaster recovery planning, and business continuity planning (D) Signup and view all the answers

If an organization detects a criminal act, what is it legally obligated to do?

Involve appropriate law enforcement officials (C) Signup and view all the answers

What is the role of management in information security?

Plays an essential role in development, maintenance, and enforcement of information security policies (D) Signup and view all the answers

What is the primary purpose of an Executive Information Security Policy (EISP)?

Set strategic direction and tone for security efforts (A) Signup and view all the answers

Which of the following is NOT typically included in an EISP?

Specific technology requirements (B) Signup and view all the answers

What is the main focus of Issue-Specific Security Policies (ISSPs)?

Addressing specific technology areas (C) Signup and view all the answers

Which of the following is NOT a component of Issue-Specific Security Policies (ISSPs)?

Physical security measures (C) Signup and view all the answers

What role does a policy administrator play in maintaining effective security policies?

Ensuring policies stay relevant and effective (C) Signup and view all the answers

What does the Information Security Blueprint serve as a detailed plan for?

Security policies, education programs, and technological controls (C) Signup and view all the answers

What does ISO 27000 Series provide in the context of information security?

A framework for information security management and organizational security policy development (A) Signup and view all the answers

What is the main focus of NIST Security Models?

Producing guidelines for securing IT systems (D) Signup and view all the answers

What key aspects are involved in the design of Security Architecture?

Levels of controls, defense in depth, and security perimeters (B) Signup and view all the answers

What is the aim of a Security Education, Training, and Awareness Program?

To reduce accidental breaches through education, training, and awareness initiatives (A) Signup and view all the answers