In addition to specifying the penalties for unacceptable behavior, what else must a policy specify? (Multiple Choice)
Technology is the essential foundation of an effective information security program. _____________ (True / False)
Examples of actions that illustrate compliance with policies are known as laws. (True / False)
Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP? (Multiple Choice)
Which type of document is a more detailed statement of what must be done to comply with a policy? (Multiple Choice)
Since most policies are drafted by a single person and then reviewed by a higher-level manager, employee input should not be considered since it makes the process too complex. (True / False)
Information security policies are designed to provide structure in the workplace and explain the will of the organization's management. ____________ (True / False)
Non mandatory recommendations that the employee may use as a reference in complying with a policy are known as regulations. ____________ (True / False)
Which type of security policy is intended to provide a common understanding of the purposes for which an employee can and cannot use a resource? (Multiple Choice)
Policies must specify penalties for unacceptable behavior and define an appeals process. (True / False)
Which of the following is NOT one of the basic rules that must be followed when shaping a policy? (Multiple Choice)
Which policy is the highest level of policy and is usually created first? (Multiple Choice)
One of the goals of an issue-specific security policy is to indemnify the organization against liability for an employee's inappropriate or illegal use of the system. (True / False)
Rule-based policies are less specific to the operation of a system than access control lists. (True / False)
The 'Authorized Uses' section of an ISSP specifies what the identified technology cannot be used for. (True / False)
The need for effective policy management has led to the emergence of a class of hardware tools that supports policy development, implementation, and maintenance. (True / False)
Which of the following is an element of the enterprise information security policy? (Multiple Choice)
Which of the following is a policy implementation model that addresses issues by moving from the general to the specific and is a proven mechanism for prioritizing complex changes? (Multiple Choice)
Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14? (Multiple Choice)
Which of the following sections of the ISSP should provide instructions on how to report observed or suspected policy infractions? (Multiple Choice)

Which of the following is defined as non mandatory recommendations the employee may use as a reference in complying with a policy?
Simply put, guidelines are general recommendations; they're not mandatory or required. Employees who don't follow guidelines usually don't have anything happen to them, discipline-wise.

What type of document is a more detailed statement of what must be done to comply with a policy?

In which phase of the development of an InfoSec policy must a plan to distribute the policies be developed? Why is this important?
During the implementation phase, the team must create a plan to distribute and verify the distribution of the policies.

Which of the following are the two general groups into which SysSPs can be separated?
SysSPs can be separated into two general components, managerial guidance and technical specifications.