Chat with AI
Deck 5: Developing the Security Program
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/55
Play
Full screen (f)
Deck 5: Developing the Security Program
1
A task or subtask becomes a(n)action step when it can be completed by one individual or skill set and when it includes a single deliverable._________________________
True
2
Small organizations spend more per user on security than medium- and large-sized organizations.
True
3
Legal assessment for the implementation of the information security program is almost always done by the information security or IT departments.
False
4
Which of the following variables is the most influential in determining how to structure an information security program?
A) Security capital budget
B) Organizational size
C) Security personnel budget
D) Organizational culture
A) Security capital budget
B) Organizational size
C) Security personnel budget
D) Organizational culture
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
5
Most information security projects require a trained project developer._________________________
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
6
Threats from insiders are more likely in a small organization than in a large one.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
7
Each organization has to determine its own project management methodology for IT and information security projects.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
8
In the early stages of planning,the project planner should attempt to specify completion dates only for major employees within the project._________________________
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
9
Planners need to estimate the effort required to complete each task,subtask,or action step.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
10
The first step in the work breakdown structure (WBS)approach encompasses activities,but not deliverables.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
11
The work breakdown structure (WBS)can only be prepared with a complex specialized desktop PC application.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
12
On-the-job training can result in substandard work performance while the trainee gets up to speed.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
13
GGG security is commonly used to describe which aspect of security?
A) technical
B) software
C) physical
D) theoretical
A) technical
B) software
C) physical
D) theoretical
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
14
Which function needed to implement the information security program includes researching,creating,maintaining,and promoting information security plans?
A) compliance
B) policy
C) planning
D) systems security administration
A) compliance
B) policy
C) planning
D) systems security administration
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
15
Which of the following would be responsible for configuring firewalls and IDPSs,implementing security software,and diagnosing and troubleshooting problems?
A) A security technician
B) A security analyst
C) A security consultant
D) The security manager
A) A security technician
B) A security analyst
C) A security consultant
D) The security manager
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
16
Which of the following is NOT among the functions typically performed within the InfoSec department as a compliance enforcement obligation?
A) policy
B) centralized authentication
C) compliance/audit
D) risk management
A) policy
B) centralized authentication
C) compliance/audit
D) risk management
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
17
Which of the following functions needed to implement the information security program evaluates patches used to close software vulnerabilities and acceptance testing of new systems to assure compliance with policy and effectiveness?
A) Systems testing
B) Risk assessment
C) Incident response
D) Systems security administration
A) Systems testing
B) Risk assessment
C) Incident response
D) Systems security administration
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
18
Which of the following functions includes identifying the sources of risk and may include offering advice on controls that can reduce risk?
A) Risk management
B) Risk assessment
C) Systems testing
D) Vulnerability assessment
A) Risk management
B) Risk assessment
C) Systems testing
D) Vulnerability assessment
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
19
Which of the following is true about the security staffing,budget,and needs of a medium-sized organization?
A) they have a larger security staff than a small organization
B) they have a larger security budget (as percent of IT budget) than a small organization
C) they have a smaller security budget (as percent of IT budget) than a large organization
D) they have larger information security needs than a small organization
A) they have a larger security staff than a small organization
B) they have a larger security budget (as percent of IT budget) than a small organization
C) they have a smaller security budget (as percent of IT budget) than a large organization
D) they have larger information security needs than a small organization
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
20
The security education,training,and awareness (SETA)program is designed to reduce the occurence of external security attacks.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
21
Which of the following is true about a company's InfoSec awareness Web site?
A) it should contain large images to maintain interest
B) appearance doesn't matter if the information is there
C) it should be placed on the Internet for public use
D) it should be tested with multiple browsers
A) it should contain large images to maintain interest
B) appearance doesn't matter if the information is there
C) it should be placed on the Internet for public use
D) it should be tested with multiple browsers
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
22
A SETA program consists of three elements: security education,security training,and which of the following?.
A) security accountability
B) security authentication
C) security awareness
D) security authorization
A) security accountability
B) security authentication
C) security awareness
D) security authorization
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
23
The ____________________ program is designed to reduce the occurrence of accidental security breaches by members of the organization.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
24
The information security ____________________ is usually brought in when the organization makes the decision to outsource one or more aspects of its security program.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
25
What is the SETA program designed to do?
A) reduce the occurrence of external attacks
B) improve operations
C) reduce the occurence of accidental security breaches
D) increase the efficiency of InfoSec staff
A) reduce the occurrence of external attacks
B) improve operations
C) reduce the occurence of accidental security breaches
D) increase the efficiency of InfoSec staff
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
26
A study of information security positions found that positions can be classified into one of three types: ____________________ are the real technical types,who create and install security solutions.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
27
Which of the following is the most cost-effective method for disseminating security information and news to employees?
A) distance learning seminars
B) security-themed Web site
C) conference calls
D) security newsletter
A) distance learning seminars
B) security-themed Web site
C) conference calls
D) security newsletter
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
28
Project ____________________is adescription of a project's features,capabilities,functions,and quality level,used as the basis of a project plan.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
29
Which of the following is an advantage of the formal class method of training?
A) Personal
B) Self-paced, can go as fast or as slow as the trainee needs
C) Can be scheduled to fit the needs of the trainee
D) Interaction with trainer is possible
A) Personal
B) Self-paced, can go as fast or as slow as the trainee needs
C) Can be scheduled to fit the needs of the trainee
D) Interaction with trainer is possible
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
30
Which of the following is an advantage of the one-on-one method of training?
A) Trainees can learn from each other
B) Very cost-effective
C) Customized
D) Maximizes use of company resources
A) Trainees can learn from each other
B) Very cost-effective
C) Customized
D) Maximizes use of company resources
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
31
Which of the following is the first step in the process of implementing training?
A) Identify training staff
B) Identify target audiences
C) Identify program scope, goals, and objectives
D) Motivate management and employees
A) Identify training staff
B) Identify target audiences
C) Identify program scope, goals, and objectives
D) Motivate management and employees
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
32
Which of the following is an advantage of the user support group form of training?
A) Usually conducted in an informal social setting
B) Formal training plan
C) Can be live, or can be archived and viewed at the trainee's convenience
D) Can be customized to the needs of the trainee
A) Usually conducted in an informal social setting
B) Formal training plan
C) Can be live, or can be archived and viewed at the trainee's convenience
D) Can be customized to the needs of the trainee
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
33
An organization carries out a risk ____________________ function to evaluate risks present in IT initiatives and/or systems.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
34
The purpose of SETA is to enhance security in all but which of the following ways?
A) by building in-depth knowledge
B) by adding barriers
C) by developing skills
D) by improving awareness
A) by building in-depth knowledge
B) by adding barriers
C) by developing skills
D) by improving awareness
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
35
__________ is a simple project management planning tool.
A) RFP
B) WBS
C) ISO 17799
D) SDLC
A) RFP
B) WBS
C) ISO 17799
D) SDLC
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
36
An organization's information security program refers to theentire set of activities,resources,personnel,and technologies used by an organization to manage the risks to the information _______ of the organization.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
37
Which of the following is a disadvantage of the one-on-one training method?
A) Inflexible
B) May not be responsive to the needs of all the trainees
C) Content may not be customized to the needs of the organization
D) Resource intensive, to the point of being inefficient
A) Inflexible
B) May not be responsive to the needs of all the trainees
C) Content may not be customized to the needs of the organization
D) Resource intensive, to the point of being inefficient
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
38
Which of the following is NOT a step in the process of implementing training?
A) administer the program
B) hire expert consultants
C) motivate management and employees
D) identify target audiences
A) administer the program
B) hire expert consultants
C) motivate management and employees
D) identify target audiences
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
39
Advanced technical training can be selected or developed based on which of the following?
A) level of previous education
B) level of previous training
C) technology product
D) number of employees
A) level of previous education
B) level of previous training
C) technology product
D) number of employees
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
40
A(n)____________________ is a specific point in the project plan when a task that has a noticeable impact on plan's the progress is complete.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
41
What is the purpose of a security awareness program?What advantage does an awareness program have for the InfoSec program?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
42
What are the four areas into which it is recommended to separate the functions of security?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
43
The project planner should describe the skills or personnel needed for a task,often referred to as a(n)____________________,needed to accomplish a task.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
44
Explain the conflict between the goals and objectives of the CIO and the CISO.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
45
The three methods for selecting or developing advanced technical training are by job category,by job function,and by ____________________.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
46
What is the Chief Information Security Office primarily responsible for?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
47
Which security functions are normally performed by IT groups outside the InfoSec area of management control?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
48
What are the components of the security program element described as preparing for contingencies and disasters?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
49
The goal of a security ____________________ program is to keep information security at the forefront of users' minds on a daily basis.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
50
What minimum attributes for project tasks does the WBS document?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
51
What is the security education,training,and awareness program? Describe how the program aims to enhance security.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
52
____________________ is a phenomenon in which the project manager spends more time documenting project tasks,collecting performance measurements,recording project task information,and updating project completion forecasts than in accomplishing meaningful project work.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
53
What are some of the variables that determine how a given organization chooses to construct its InfoSec program?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
54
List the steps of the seven-step methodology for implementing training.
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
55
What is the role of help desk personnel in the InfoSec team?
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 55 flashcards in this deck.
