In addition to specifying the penalties for unacceptable behavior, what else must a policy specify?
Multiple Choice
Technology is the essential foundation of an effective information security program. _____________
True False
Examples of actions that illustrate compliance with policies are known as laws.
True False
Which section of an ISSP should outline a specific methodology for the review and modification of the ISSP?
Multiple Choice
Which type of document is a more detailed statement of what must be done to comply with a policy?
Multiple Choice
Since most policies are drafted by a single person and then reviewed by a higher-level manager, employee input should not be considered since it makes the process too complex.
True False
Information security policies are designed to provide structure in the workplace and explain the will of the organization's management. ____________
True False
Nonmandatory recommendations that the employee may use as a reference in complying with a policy are known as regulations. ____________
True False
Which type of security policy is intended to provide a common understanding of the purposes for which an employee can and cannot use a resource?
Multiple Choice
Policies must specify penalties for unacceptable behavior and define an appeals process.
True False
Which of the following is NOT one of the basic rules that must be followed when shaping a policy?
Multiple Choice
Which policy is the highest level of policy and is usually created first?
Multiple Choice
One of the goals of an issue-specific security policy is to indemnify the organization against liability for an employee's inappropriate or illegal use of the system.
True False
Rule-based policies are less specific to the operation of a system than access control lists.
True False
The 'Authorized Uses' section of an ISSP specifies what the identified technology cannot be used for.
True False
The need for effective policy management has led to the emergence of a class of hardware tools that supports policy development, implementation, and maintenance.
True False
Which of the following is an element of the enterprise information security policy?
Multiple Choice
Which of the following is a policy implementation model that addresses issues by moving from the general to the specific and is a proven mechanism for prioritizing complex changes?
Multiple Choice
Which of the following is NOT among the three types of InfoSec policies based on NIST's Special Publication 800-14?
Multiple Choice
Which of the following sections of the ISSP should provide instructions on how to report observed or suspected policy infractions?
Multiple Choice