SECS DLC Phase 1 Quiz: Support Services II Chapter 3 Flashcards

Podcast Beta

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What type of plans are used to organize the ongoing, day-to-day performance of tasks?

Strategic

Operational (correct)

Tactical

Organizational

Which of the following is true about mission statements?

They express the aspirations of the organization

They are not meant to be probable

They should be ambitious

They express what the organization is (correct)

What approach to security implementation is frequently referred to as a grass-roots effort?

Top-down

SecSDLC

Bottom-up (correct)

SDLC

Which statement contains a formal set of organizational principles, standards, and qualities?

Values Signup and view all the answers

A SDLC-based project that is the result of a carefully developed strategy is said to be ____.Select one:

Plan-driven Signup and view all the answers

True or False: The person initiating security implementation in a top-down approach is usually a network administrator.

False Signup and view all the answers

What is the main focus of the Security Systems Development Life Cycle (SecSDLC)?

Analysis Signup and view all the answers

Which term is used to describe an identified weakness in a controlled system?

Vulnerability Signup and view all the answers

True or False: Vision statements are usually supposed to be conservative.

False Signup and view all the answers

In information security, what is the responsibility of an organization's employees?

Implement policy, report security vulnerabilities and breaches Signup and view all the answers

What type of threats are caused by human error or failure?

Accidents threats Signup and view all the answers

Which phase of the Security Systems Development Life Cycle (SecSDLC) is considered the most crucial?

Analysis Signup and view all the answers

What analysis is performed at the end of the investigation phase of the security systems development life cycle (SecSDLC)?

Feasibility Signup and view all the answers

What is the usual focus of tactical planning?

One to three years Signup and view all the answers

Which type of plan is used to create strategic plans?

Operational plans Signup and view all the answers

During which phase in the IDEAL model does an organization plan the specifics of how it will reach its security goal?

Establishing Signup and view all the answers

What is a constant threat to an asset called?

Threat Signup and view all the answers

What is a technique or mechanism used to compromise a system known as?

Exploit Signup and view all the answers

Which type of planning has a more short-term focus than tactical planning?

Strategic planning Signup and view all the answers

In the IDEAL model, which phase lays the groundwork for a successful improvement effort?

Establishing Signup and view all the answers

Is it true that information security governance includes all accountabilities and methods undertaken by the board of directors and executive management to provide strategic direction and establish objectives?

True Signup and view all the answers

Which phase of the security systems development life cycle uses the information obtained during the analysis phase to propose a system-based solution?

Logical design Signup and view all the answers

Which is the first phase of the security systems development life cycle?

Investigation Signup and view all the answers

Who works with the information to perform their daily jobs supporting the organization's mission?

Data users Signup and view all the answers

Study Notes

Planning and Strategy

Operational plans are used to organize the ongoing, day-to-day performance of tasks.
Mission statements express the aspirations of the organization and should be ambitious.

Security Implementation

A bottom-up approach to security implementation is often referred to as a grass-roots effort.
In a top-down approach, the person initiating security implementation is usually a CISO or high-ranking executive.
The CISO plays a more active role in setting security policy, procedures, programs, and training for the organization.

Security Systems Development Life Cycle (SecSDLC)

The first phase of the SecSDLC is the investigation phase.
During the analysis phase, a feasibility analysis is performed.
In the logical design phase, the information obtained during the analysis phase is used to develop a proposed system-based solution for the business problem.

Information Security Governance

Information security governance includes all accountabilities and methods undertaken by the board of directors and executive management to provide strategic direction and establish objectives.
The CISO is responsible for setting security policy, procedures, programs, and training for the organization.

Threats and Vulnerabilities

An identified weakness of a controlled system is known as a vulnerability.
A threat is a category of objects, persons, or other entities that represent a constant threat to an asset.
An exploit is a technique or mechanism used to compromise a system.

IDEAL Model

The IDEAL model is a framework for implementing security improvements.
The initiating phase lays the groundwork for a successful improvement effort.
During the establishing phase, the organization plans the specifics of how it will reach its security goal.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

Test your knowledge on Chapter 3 of the course SSO2010: Support Services II. This quiz covers topics related to threats, including categories of threats such as human error or failure.

SSO2010: Support Services II - Chapter 3 Test