Name: Class: Date:
Chapter 05 - Developing the Security Program
Copyright Cengage Learning. Powered by Cognero. Page 1
1. Small organizations spend more per user on security than medium- and large-sized organizations.
a. True
b. False
ANSWER: True
2. Legal assessment for the implementation of the information security program is almost always done by the information
security or IT departments.
a. True
b. False
ANSWER: False
3. Threats from insiders are more likely in a small organization than in a large one.
a. True
b. False
ANSWER: False
4. The security education, training, and awareness (SETA) program is designed to reduce the occurrence of external
security attacks.
a. True
b. False
ANSWER: False
5. On-the-job training can result in substandard work performance while the trainee gets up to speed.
a. True
b. False
ANSWER: True
6. The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables.
a. True
b. False
ANSWER: False
7. Planners need to estimate the effort required to complete each task, subtask, or action step.
a. True
b. False
ANSWER: True
8. The work breakdown structure (WBS) can only be prepared with a complex specialized desktop PC application.
a. True
b. False
ANSWER: False
9. A task or subtask becomes a(n) action step when it can be completed by one individual or skill set and when it includes
a single deliverable. _________________________
ANSWER: True
10. Each organization has to determine its own project management methodology for IT and information security projects.
a. True
b. False
ANSWER: True
11. In the early stages of planning, the project planner should attempt to specify completion dates only for major
employees within the project. _________________________
ANSWER: False - milestones
12. Most information security projects require a trained project developer. _________________________
ANSWER: False - manager
13. Which of the following variables is the most influential in determining how to structure an information security
program?
a. Security capital budget
b. Organizational size
c. Security personnel budget
d. Organizational culture
ANSWER: d
14. Which of the following is true about the security staffing, budget, and needs of a medium-sized organization?
a. they have a larger security staff than a small organization
b. they have a larger security budget (as percent of IT budget) than a small organization
c. they have a smaller security budget (as percent of IT budget) than a large organization
d. they have larger information security needs than a small organization
ANSWER: d
15. Which of the following functions includes identifying the sources of risk and may include offering advice on controls
that can reduce risk?
a. Risk management
b. Risk assessment
c. Systems testing
d. Vulnerability assessment
ANSWER: b
16. Which of the following functions needed to implement the information security program evaluates patches used to
close software vulnerabilities and acceptance testing of new systems to assure compliance with policy and effectiveness?
a. Systems testing
b. Risk assessment
c. Incident response
d. Systems security administration
ANSWER: a
17. Which function needed to implement the information security program includes researching, creating, maintaining,
and promoting information security plans?
a. compliance
b. policy
c. planning
d. systems security administration
ANSWER: c
18. Which of the following is NOT among the functions typically performed within the InfoSec department as a
compliance enforcement obligation?
a. policy
b. centralized authentication
c. compliance/audit
d. risk management
ANSWER: b
19. Which of the following would be responsible for configuring firewalls and IDPSs, implementing security software,
and diagnosing and troubleshooting problems?
a. A security technician
b. A security analyst
c. A security consultant
d. The security manager
ANSWER: a
20. GGG security is commonly used to describe which aspect of security?
a. technical
b. software
c. physical
d. theoretical
ANSWER: c
21. What is the SETA program designed to do?
a. reduce the occurrence of external attacks
b. improve operations
c. reduce the occurrence of accidental security breaches
d. increase the efficiency of InfoSec staff
ANSWER: c
22. A SETA program consists of three elements: security education, security training, and which of the following?
a. security accountability
b. security authentication
c. security awareness
d. security authorization
ANSWER: c
23. The purpose of SETA is to enhance security in all but which of the following ways?
a. by building in-depth knowledge
b. by adding barriers
c. by developing skills
d. by improving awareness
ANSWER: b
24. Advanced technical training can be selected or developed based on which of the following?
a. level of previous education
b. level of previous training
c. technology product
d. number of employees
ANSWER: c
25. Which of the following is the first step in the process of implementing training?
a. Identify training staff
b. Identify target audiences
c. Identify program scope, goals, and objectives
d. Motivate management and employees
ANSWER: c
26. Which of the following is an advantage of the one-on-one method of training?
a. Trainees can learn from each other
b. Very cost-effective
c. Customized
d. Maximizes use of company resources
ANSWER: c
27. Which of the following is a disadvantage of the one-on-one training method?
a. Inflexible
b. May not be responsive to the needs of all the trainees
c. Content may not be customized to the needs of the organization
d. Resource intensive, to the point of being inefficient
ANSWER: d
28. Which of the following is an advantage of the formal class method of training?
a. Personal
b. Self-paced, can go as fast or as slow as the trainee needs
c. Can be scheduled to fit the needs of the trainee
d. Interaction with trainer is possible
ANSWER: d
29. Which of the following is an advantage of the user support group form of training?
a. Usually conducted in an informal social setting
b. Formal training plan
c. Can be live, or can be archived and viewed at the trainee’s convenience
d. Can be customized to the needs of the trainee
ANSWER: a
30. Which of the following is NOT a step in the process of implementing training?
a. administer the program
b. hire expert consultants
c. motivate management and employees
d. identify target audiences
ANSWER: b
31. __________ is a simple project management planning tool.
a. RFP
b. WBS
c. ISO 17799
d. SDLC
ANSWER: b
32. Which of the following is the most cost-effective method for disseminating security information and news to
employees?
a. distance learning seminars
b. security-themed Web site
c. conference calls
d. security newsletter
ANSWER: d
33. Which of the following is true about a company’s InfoSec awareness Web site?
a. it should contain large images to maintain interest
b. appearance doesn’t matter if the information is there
c. it should be placed on the Internet for public use
d. it should be tested with multiple browsers
ANSWER: d
34. An organization’s information security program refers to the entire set of activities, resources, personnel, and
technologies used by an organization to manage the risks to the information _______ of the organization.
ANSWER: assets
35. An organization carries out a risk ____________________ function to evaluate risks present in IT initiatives and/or
systems.
ANSWER: assessment
36. A study of information security positions found that positions can be classified into one of three types:
____________________ are the real technical types, who create and install security solutions.
ANSWER: builders
37. The information security ____________________ is usually brought in when the organization makes the decision to
outsource one or more aspects of its security program.
ANSWER: consultant
38. The ____________________ program is designed to reduce the occurrence of accidental security breaches by
members of the organization.
ANSWER: security education, training, and awareness (SETA)
39. Project ____________________ is a description of a project’s features, capabilities, functions, and quality level, used
as the basis of a project plan.
ANSWER: scope
40. A(n) ____________________ is a specific point in the project plan when a task that has a noticeable impact on the
plan's progress is complete.
ANSWER: milestone
41. The project planner should describe the skills or personnel needed for a task, often referred to as a(n)
____________________, needed to accomplish a task.
ANSWER: resource
42. The three methods for selecting or developing advanced technical training are by job category, by job function, and by
____________________.
ANSWER: technology product
43. The goal of a security ____________________ program is to keep information security at the forefront of users’
minds on a daily basis.
ANSWER: awareness
44. ____________________ is a phenomenon in which the project manager spends more time documenting project tasks,
collecting performance measurements, recording project task information, and updating project completion forecasts than
in accomplishing meaningful project work.
ANSWER: Projectitis
45. Explain the conflict between the goals and objectives of the CIO and the CISO.
ANSWER: The CIO, as the executive in charge of the organization’s technology, manages the efficiency in the processing
and accessing of the organization’s information. Anything that limits access or slows information processing
directly contradicts the CIO’s mission. On the other hand, the CISO functions more like an internal auditor,
with the information security department examining existing systems to discover information security faults
and flaws in technology, software, and employees’ activities and processes. At times, these activities may
disrupt the processing and accessing of the organization’s information.
46. What is the security education, training, and awareness program? Describe how the program aims to enhance security.
ANSWER: The security education, training, and awareness (SETA) program is designed to reduce the occurrence of
accidental security breaches by members of the organization. The program aims to enhance security in three
ways:
- By building in-depth knowledge, as needed, to design, implement, or operate security programs for
organizations and systems
- By developing skills and knowledge so that computer users can perform their jobs while using IT systems
more securely
- By improving awareness of the need to protect system resources
47. List the steps of the seven-step methodology for implementing training.
ANSWER: The seven-step methodology for implementing training is as follows:
Step 1: Identify program scope, goals, and objectives.
Step 2: Identify training staff.
Step 3: Identify target audiences.
Step 4: Motivate management and employees.
Step 5: Administer the program.
Step 6: Maintain the program.
Step 7: Evaluate the program.
48. What are some of the variables that determine how a given organization chooses to construct its InfoSec program?
ANSWER: Among the variables that determine how a given organization chooses to structure its information security
(InfoSec) program are organizational culture, size, security personnel budget, and security capital budget.
49. What are the four areas into which it is recommended to separate the functions of security?
ANSWER: Functions performed by nontechnology business units outside the IT area of management control
Functions performed by IT groups outside the InfoSec area of management control
Functions performed within the InfoSec department as a customer service to the organization and its external partners
Functions performed within the InfoSec department as a compliance enforcement obligation
50. Which security functions are normally performed by IT groups outside the InfoSec area of management control?
ANSWER: Systems security administration
Network security administration
Centralized authentication
51. What are the components of the security program element described as preparing for contingencies and disasters?
ANSWER: Business plan, identify resources, develop scenarios, develop strategies, test and revise plan.
52. What is the Chief Information Security Officer primarily responsible for?
ANSWER: The CISO is primarily responsible for the assessment, management, and implementation of the program that
secures the organization’s information.
53. What is the role of help desk personnel in the InfoSec team?
ANSWER: An important part of the InfoSec team is the help desk, which enhances the security team’s ability to identify
potential problems. When a user calls the help desk with a complaint about his or her computer, the network,
or an Internet connection, the user’s problem may turn out to be related to a bigger problem, such as a hacker,
a DoS attack, or a virus.
Because help desk technicians perform a specialized role in InfoSec, they need specialized training. These
staff members must be prepared to identify and diagnose both traditional technical problems and threats to
InfoSec. Their ability to do so may cut precious hours off of an incident response.
54. What is the purpose of a security awareness program? What advantage does an awareness program have for the
InfoSec program?
ANSWER: A security awareness program keeps InfoSec at the forefront of users’ minds on a daily basis. Awareness
serves to instill a sense of responsibility and purpose in employees who handle and manage information, and it
leads employees to care more about their work environment.
a. InfoSec program
b. SETA
c. scope creep
d. security watchstander
e. security manager
f. CISO
g. projectitis
h. critical path method
i. security technicians
j. security awareness program
55. In larger organizations, responsible for some aspect of information security; in smaller organizations, this title may be
assigned to the only or senior security administrator.
ANSWER: e
56.
ANSWER: a
57. Occurs when a project manager spends more time working in the project management software than accomplishing
meaningful project work.
ANSWER: g
58. Entry-level InfoSec professional responsible for the routine monitoring and operation of a particular InfoSec
technology.
ANSWER: d
59.
ANSWER: i
60. A program designed to improve the security of information assets by providing targeted information, skills, and
guidance for organizational employees.
ANSWER: b
61. A diagramming technique designed to identify the sequence of tasks that make up the shortest elapsed time needed to
complete a project.
ANSWER: h
62. Typically considered the top information security officer in an organization.
ANSWER: f
63.
ANSWER: j
64. The expansion of the quantity or quality of project deliverables from the original project plan.
ANSWER: c
65. What minimum attributes for project tasks does the WBS document?
ANSWER: Work to be accomplished (activities and deliverables)
Individuals (or skill set) assigned to perform the task
Start and end dates for the task (when known)
Amount of effort required for completion in hours or work days
Estimated capital expenses for the task
Estimated noncapital expenses for the task
Identification of dependencies between and among tasks
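The WBS attributes listed in question 65 (work, resource, effort, capital and noncapital cost, dependencies) and the critical path method defined in question 61 fit together: once effort and dependencies are recorded per task, the critical path is the longest dependency chain through the WBS, and its length is the shortest elapsed time in which the project can finish. The following is an added example, not part of the Cengage test bank or the textbook; the task names, durations and costs are a constructed sample based on the seven-step training methodology in question 47, and the function and field names are this example's own.

```python
"""Critical path over a WBS: forward/backward pass with slack.

Added illustration; tasks and figures are constructed sample data.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Task:
    """One WBS entry with the minimum attributes from question 65."""
    task_id: str
    work: str             # activity or deliverable
    resource: str         # individual or skill set assigned
    effort_days: float    # estimated effort
    deps: tuple = ()      # task_ids this task depends on
    capital: float = 0.0  # estimated capital expense
    noncapital: float = 0.0  # estimated noncapital expense


def critical_path(tasks):
    """Return (project_duration, critical_task_ids, slack_by_task).

    Raises ValueError on an unknown dependency or a dependency cycle,
    both of which are WBS defects a planner should fix before scheduling.
    """
    by_id = {t.task_id: t for t in tasks}
    succ = {t.task_id: [] for t in tasks}
    indeg = {t.task_id: 0 for t in tasks}
    for t in tasks:
        for d in t.deps:
            if d not in by_id:
                raise ValueError(f"{t.task_id} depends on unknown task {d}")
            succ[d].append(t.task_id)
            indeg[t.task_id] += 1

    # Kahn's algorithm gives a dependency-respecting order (or detects a cycle).
    queue = deque(tid for tid, n in indeg.items() if n == 0)
    order = []
    while queue:
        tid = queue.popleft()
        order.append(tid)
        for s in succ[tid]:
            indeg[s] -= 1
            if indeg[s] == 0:
                queue.append(s)
    if len(order) != len(tasks):
        raise ValueError("dependency cycle in WBS")

    # Forward pass: earliest start/finish for each task.
    es, ef = {}, {}
    for tid in order:
        es[tid] = max((ef[d] for d in by_id[tid].deps), default=0.0)
        ef[tid] = es[tid] + by_id[tid].effort_days
    duration = max(ef.values())

    # Backward pass: latest start/finish that still meets the duration.
    ls, lf = {}, {}
    for tid in reversed(order):
        lf[tid] = min((ls[s] for s in succ[tid]), default=duration)
        ls[tid] = lf[tid] - by_id[tid].effort_days

    slack = {tid: ls[tid] - es[tid] for tid in order}
    critical = [tid for tid in order if abs(slack[tid]) < 1e-9]
    return duration, critical, slack


def budget_totals(tasks):
    """Sum the capital and noncapital estimates across the WBS."""
    return (sum(t.capital for t in tasks), sum(t.noncapital for t in tasks))


# Constructed sample WBS for rolling out a security awareness program.
SAMPLE_WBS = [
    Task("A", "Identify program scope, goals, objectives", "security manager", 3),
    Task("B", "Identify training staff", "security manager", 2, ("A",)),
    Task("C", "Identify target audiences", "security analyst", 2, ("A",)),
    Task("D", "Build awareness Web site and newsletter", "web developer", 5, ("C",), 1200.0, 300.0),
    Task("E", "Test site with multiple browsers", "security technician", 1, ("D",)),
    Task("F", "Motivate management and employees", "CISO", 2, ("B", "C")),
    Task("G", "Administer the program", "security manager", 4, ("E", "F"), 0.0, 500.0),
]


def analyze_sample():
    """Run the analysis on the sample WBS."""
    return critical_path(SAMPLE_WBS)


if __name__ == "__main__":
    duration, critical, slack = analyze_sample()
    print(f"shortest elapsed time: {duration} days")
    print("critical path:", " -> ".join(critical))
    print("slack per task:", slack)
    print("capital, noncapital:", budget_totals(SAMPLE_WBS))
```

Tasks with zero slack form the critical path; delaying any of them delays the whole project, while tasks B and F in the sample can slip by four days without moving the end date. Because the WBS carries dependencies explicitly, the unknown-dependency and cycle checks catch planning errors before a schedule is published.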
Strategies for Landing an Oracle DBA Job as a Fresher
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

ANSWER: False - manager
13. Which of the following variables is the most influential in determining how to structure an information security program?
a. Security capital budget
b. Organizational size
c. Security personnel budget
d. Organizational culture
ANSWER: d
14. Which of the following is true about the security staffing, budget, and needs of a medium-sized organization?
a. they have a larger security staff than a small organization
b. they have a larger security budget (as percent of IT budget) than a small organization
c. they have a smaller security budget (as percent of IT budget) than a large organization
d. they have larger information security needs than a small organization
ANSWER: d
15. Which of the following functions includes identifying the sources of risk and may include offering advice on controls that can reduce risk?
a. Risk management
b. Risk assessment
c. Systems testing
d. Vulnerability assessment
ANSWER: b
16. Which of the following functions needed to implement the information security program evaluates patches used to close software vulnerabilities and acceptance testing of new systems to assure compliance with policy and effectiveness?
a. Systems testing
b. Risk assessment
c. Incident response
d. Systems security administration
ANSWER: a
17. Which function needed to implement the information security program includes researching, creating, maintaining, and promoting information security plans?
a. compliance
b. policy
c. planning
d. systems security administration
ANSWER: c
18. Which of the following is NOT among the functions typically performed within the InfoSec department as a compliance enforcement obligation?
a. policy
b. centralized authentication
c. compliance/audit
d. risk management
ANSWER: b
19. Which of the following would be responsible for configuring firewalls and IDPSs, implementing security software, and diagnosing and troubleshooting problems?
a. A security technician
b. A security analyst
c. A security consultant
d. The security manager
ANSWER: a
20. GGG security is commonly used to describe which aspect of security?
a. technical
b. software
c. physical
d. theoretical
ANSWER: c
21. What is the SETA program designed to do?
a. reduce the occurrence of external attacks
b. improve operations
c. reduce the occurrence of accidental security breaches
d. increase the efficiency of InfoSec staff
ANSWER: c
22. A SETA program consists of three elements: security education, security training, and which of the following?
a. security accountability
b. security authentication
c. security awareness
d. security authorization
ANSWER: c
23. The purpose of SETA is to enhance security in all but which of the following ways?
a. by building in-depth knowledge
b. by adding barriers
c. by developing skills
d. by improving awareness
ANSWER: b
24. Advanced technical training can be selected or developed based on which of the following?
a. level of previous education
b. level of previous training
c. technology product
d. number of employees
ANSWER: c
25. Which of the following is the first step in the process of implementing training?
a. Identify training staff
b. Identify target audiences
c. Identify program scope, goals, and objectives
d. Motivate management and employees
ANSWER: c
26. Which of the following is an advantage of the one-on-one method of training?
a. Trainees can learn from each other
b. Very cost-effective
c. Customized
d. Maximizes use of company resources
ANSWER: c
27. Which of the following is a disadvantage of the one-on-one training method?
a. Inflexible
b. May not be responsive to the needs of all the trainees
c. Content may not be customized to the needs of the organization
d. Resource intensive, to the point of being inefficient
ANSWER: d
28. Which of the following is an advantage of the formal class method of training?
a. Personal
b. Self-paced, can go as fast or as slow as the trainee needs
c. Can be scheduled to fit the needs of the trainee
d. Interaction with trainer is possible
ANSWER: d
29. Which of the following is an advantage of the user support group form of training?
a. Usually conducted in an informal social setting
b. Formal training plan
c. Can be live, or can be archived and viewed at the trainee’s convenience
d. Can be customized to the needs of the trainee
ANSWER: a
30. Which of the following is NOT a step in the process of implementing training?
a. administer the program
b. hire expert consultants
c. motivate management and employees
d. identify target audiences
ANSWER: b
31. __________ is a simple project management planning tool.
a. RFP
b. WBS
c. ISO 17799
d. SDLC
ANSWER: b
32. Which of the following is the most cost-effective method for disseminating security information and news to employees?
a. distance learning seminars
b. security-themed Web site
c. conference calls
d. security newsletter
ANSWER: d
33. Which of the following is true about a company’s InfoSec awareness Web site?
a. it should contain large images to maintain interest
b. appearance doesn’t matter if the information is there
c. it should be placed on the Internet for public use
d. it should be tested with multiple browsers
ANSWER: d
34. An organization’s information security program refers to the entire set of activities, resources, personnel, and technologies used by an organization to manage the risks to the information _______ of the organization.
ANSWER: assets
35. An organization carries out a risk ____________________ function to evaluate risks present in IT initiatives and/or systems.
ANSWER: assessment
36. A study of information security positions found that positions can be classified into one of three types: ____________________ are the real technical types, who create and install security solutions.
ANSWER: builders
37. The information security ____________________ is usually brought in when the organization makes the decision to outsource one or more aspects of its security program.
ANSWER: consultant
38. The ____________________ program is designed to reduce the occurrence of accidental security breaches by members of the organization.
ANSWER: security education, training, and awareness (SETA)
39. Project ____________________ is a description of a project’s features, capabilities, functions, and quality level, used as the basis of a project plan.
ANSWER: scope
40. A(n) ____________________ is a specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete.
ANSWER: milestone
41. The project planner should describe the skills or personnel needed for a task, often referred to as a(n) ____________________, needed to accomplish a task.
ANSWER: resource
42. The three methods for selecting or developing advanced technical training are by job category, by job function, and by ____________________.
ANSWER: technology product
43. The goal of a security ____________________ program is to keep information security at the forefront of users’ minds on a daily basis.
ANSWER: awareness
44. ____________________ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than in accomplishing meaningful project work.
ANSWER: Projectitis
45. Explain the conflict between the goals and objectives of the CIO and the CISO.
ANSWER: The CIO, as the executive in charge of the organization’s technology, manages the efficiency in the processing and accessing of the organization’s information. Anything that limits access or slows information processing directly contradicts the CIO’s mission. On the other hand, the CISO functions more like an internal auditor, with the information security department examining existing systems to discover information security faults and flaws in technology, software, and employees’ activities and processes. At times, these activities may disrupt the processing and accessing of the organization’s information.
46. What is the security education, training, and awareness program? Describe how the program aims to enhance security.
ANSWER: The security education, training, and awareness (SETA) program is designed to reduce the occurrence of accidental security breaches by members of the organization. The program aims to enhance security in three ways:
- By building in-depth knowledge, as needed, to design, implement, or operate security programs for organizations and systems
- By developing skills and knowledge so that computer users can perform their jobs while using IT systems more securely
- By improving awareness of the need to protect system resources
47. List the steps of the seven-step methodology for implementing training.
ANSWER: The seven-step methodology for implementing training is as follows:
Step 1: Identify program scope, goals, and objectives.
Step 2: Identify training staff.
Step 3: Identify target audiences.
Step 4: Motivate management and employees.
Step 5: Administer the program.
Step 6: Maintain the program.
Step 7: Evaluate the program.
48. What are some of the variables that determine how a given organization chooses to construct its InfoSec program?
ANSWER: Among the variables that determine how a given organization chooses to structure its information security (InfoSec) program are organizational culture, size, security personnel budget, and security capital budget.
49. What are the four areas into which it is recommended to separate the functions of security?
ANSWER:
Functions performed by nontechnology business units outside the IT area of management control
Functions performed by IT groups outside the InfoSec area of management control
Functions performed within the InfoSec department as a customer service to the organization and its external partners
Functions performed within the InfoSec department as a compliance enforcement obligation
50. Which security functions are normally performed by IT groups outside the InfoSec area of management control?
ANSWER:
Systems security administration
Network security administration
Centralized authentication
51. What are the components of the security program element described as preparing for contingencies and disasters?
ANSWER: Business plan, identify resources, develop scenarios, develop strategies, test and revise plan.
52. What is the Chief Information Security Officer primarily responsible for?
ANSWER: The CISO is primarily responsible for the assessment, management, and implementation of the program that secures the organization’s information.
53. What is the role of help desk personnel in the InfoSec team?
ANSWER: An important part of the InfoSec team is the help desk, which enhances the security team’s ability to identify potential problems. When a user calls the help desk with a complaint about his or her computer, the network, or an Internet connection, the user’s problem may turn out to be related to a bigger problem, such as a hacker, a DoS attack, or a virus. Because help desk technicians perform a specialized role in InfoSec, they need specialized training. These staff members must be prepared to identify and diagnose both traditional technical problems and threats to InfoSec. Their ability to do so may cut precious hours off of an incident response.
54. What is the purpose of a security awareness program? What advantage does an awareness program have for the InfoSec program?
ANSWER: A security awareness program keeps InfoSec at the forefront of users’ minds on a daily basis. Awareness serves to instill a sense of responsibility and purpose in employees who handle and manage information, and it leads employees to care more about their work environment.
a. InfoSec program
b. SETA
c. scope creep
d. security watchstander
e. security manager
f. CISO
g. projectitis
h. critical path method
i. security technicians
j. security awareness program
55. In larger organizations, responsible for some aspect of information security; in smaller organizations, this title may be assigned to the only or senior security administrator.
ANSWER: e
56.
ANSWER: a
57. Occurs when a project manager spends more time working in the project management software than accomplishing meaningful project work.
ANSWER: g
58. Entry-level InfoSec professional responsible for the routine monitoring and operation of a particular InfoSec technology.
ANSWER: d
59.
ANSWER: i
60. A program designed to improve the security of information assets by providing targeted information, skills, and guidance for organizational employees.
ANSWER: b
61. A diagramming technique designed to identify the sequence of tasks that make up the shortest elapsed time needed to complete a project.
ANSWER: h
62. Typically considered the top information security officer in an organization.
ANSWER: f
63.
ANSWER: j
64. The expansion of the quantity or quality of project deliverables from the original project plan.
ANSWER: c
65. What minimum attributes for project tasks does the WBS document?
ANSWER:
Work to be accomplished (activities and deliverables)
Individuals (or skill set) assigned to perform the task
Start and end dates for the task (when known)
Amount of effort required for completion in hours or work days
Estimated capital expenses for the task
Estimated noncapital expenses for the task
Identification of dependencies between and among tasks