Questions and Answers
What is the primary purpose of software license management?
What does 'data in motion' refer to?
Which of the following is NOT a phase in the information lifecycle as defined by ISO 27002?
What challenge is associated with data storage on physical media?
What does the retention phase in some models of the information lifecycle signify?
What is one of the responsibilities of software inventory management?
Which phase immediately precedes the deletion/destruction phase in the information lifecycle?
What type of data is referred to as being 'at rest'?
What is a recommended practice for media that is no longer needed?
Which of the following should NOT be included in the documentation requirements for transporting media?
What should staff or couriers understand regarding the transport of media?
When transporting media, what must be considered about encryption?
What role do appointed custodians play in media transport?
What is the consequence of storing unnecessary data on media?
What procedure should be followed regarding media transport accountability?
How should responsibilities of custodians be managed during transport?
Why is it important for an organization to have a retention strategy for sensitive information?
What type of security control includes procedures like inspecting a perimeter fence?
Which of the following is an example of a technical or logical control?
What should an organization do if its information disposal processes do not match retention requirements?
Which of the following describes group policy objects (GPOs) in Windows-based systems?
What is the primary purpose of risk mitigation controls in information security?
What action is part of implementing physical security controls?
Which of the following best characterizes the relationship between security controls?
What is a key reason mature organizations review their policies?
Who typically needs to consider changes in policies due to external factors?
What differentiates a policy from a sub-policy?
Which of the following would likely be of primary interest to management?
What challenge does the diverse use of the term 'policy' present in organizations?
What aspect of organizational governance may lead to more frequent policy changes?
How should the use of the term 'policy' be interpreted in the context of security practice?
Which factor may disrupt the understanding of information security practices internationally?
What is the purpose of a configuration management plan?
What is a configuration item (CI)?
Who manages the configuration management plan within an organization?
Which of the following best describes a baseline configuration?
What is one of the primary roles of the change control board (CCB)?
Why is record-keeping essential in a configuration management and change control system?
In the context of configuration management, what is the role of a stakeholder in the CCB?
What could happen if a backup image does not match the known configuration baseline?
Study Notes
Software Licensing and Data Storage
- Software license tools can often save money by detecting and eliminating duplicate licenses.
- Data is either being used, in motion, or stored.
- Data in motion refers to the transfer of data across networks, communications links, or to and from storage devices.
- Data at rest is data stored in endpoint devices, removable media, and storage subsystems.
- Data storage on paper, removable storage media, and devices needs to be secured when in transit.
Information Lifecycle
- ISO 27002 defines the information lifecycle in five phases: creation, processing, storage, transmission, and deletion/destruction.
- Security controls are categorized as physical, technical (or logical), and administrative elements.
- Physical controls include physical barriers, security patrols, and maintenance.
- Technical controls are software and data settings that govern how systems behave.
- Administrative controls are policies and procedures that define how systems are managed.
Security Policy and Compliance
- Security policies are written statements of security rules, objectives, and strategies.
- Policy review processes should address the changing needs of external stakeholders.
- Subpolicies amplify higher-level policies and provide more specific instructions.
- A challenge for the information security community is the lack of a common language.
Data Storage and Disposal
- Organizations should have a defined set of procedures for securing and transporting media outside of controlled areas.
- Media transport procedures should include transportation methods, routes, and handling considerations.
- Every category of corporate or private-sector sensitive information should have a retention strategy defined.
- Media disposal and information retention plans must match to ensure compliance.
Configuration Management and Change Control
- A configuration management (CM) plan defines how an organization manages the configuration of its hardware and software assets.
- A configuration control board (CCB) manages the CM plan and approves changes.
- A configuration item (CI) is a single, discrete component of an IT system that has configurable settings.
- A baseline configuration is a defined set of configurations for a CI that has been formally reviewed and approved.
Description
Explore the essentials of software licensing and the information lifecycle through this quiz. Understand how to manage data effectively in its various states, including in motion and at rest. Learn about security controls and the importance of proper data storage and transmission.