Question 1

Access control lists can be used to control access to file storage systems.

Accepted Answer

Access control lists (ACLs) are a security mechanism that specify which users or groups are granted access to specific files or directories in a file storage system. Therefore, they can be used to control access to file storage systems.

Question 2

To be effective,policy must be uniformly applied to all employees,including executives.

Accepted Answer

To ensure fairness and equality in the workplace, policies should apply to all employees, including executives. No employee should be exempt from following policies, as this can create a perception of favoritism or discrimination. Additionally, executives are often responsible for setting the tone and culture of the organization, so adhering to policies sends a message about the importance of compliance and ethical behavior.

Question 3

A(n)standard is a more detailed statement of what must be done to comply with a policy._________________________

Accepted Answer

A standard provides specific requirements or guidelines to follow in order to comply with a policy.

Question 4

The policy administrator must be technically oriented.

Accepted Answer

A policy administrator does not necessarily need to be technically oriented, as their primary role involves managing and overseeing policies, which can include administrative and organizational tasks rather than technical ones.

Question 5

The Flesch-Kincaid Grade Level score evaluates writing on a U.S.grade-school level.

Accepted Answer

The Flesch-Kincaid Grade Level score is based on the U.S. grade-school level, so writing is evaluated in terms of its readability for that audience.

Question 6

If multiple audiences exist for information security policies,different documents must be created for each audience.

Accepted Answer

Different audiences can be addressed within a single document by organizing the content into sections or appendices tailored to each audience's needs.

Question 7

The Prohibited Usage of Equipment section of the ISSP specifies the penalties and repercussions of violating the usage and systems management policies._________________________

Accepted Answer

Violations of Policy

Question 8

A(n)individual approach to creating the ISSPs can suffer from poor policy dissemination,enforcement,and review._________________________

Accepted Answer

When ISSPs are created using an individual approach, there may be a lack of consistency in policy dissemination, enforcement, and review, which can lead to poor implementation and outcomes.

Question 9

A policy should be "signed into law" by a high-level manager before the collection and review of employee input.

Accepted Answer

A policy should not be signed into law by a high-level manager before the collection and review of employee input. Employee input should be gathered and thoroughly reviewed before any policy is finalized and implemented. This ensures that employees have a say in the policies that will affect them and that the policies will be effective and efficient for the organization.

Question 10

A(n)issue-specific security policy sets the strategic direction,scope,and tone for all of an organization's security efforts._________________________

Accepted Answer

enterprise information

Question 11

Access control lists include user access lists,matrices,and capability tables._________________________

Accepted Answer

This statement is true. Access control lists can include user access lists, matrices, and capability tables, among other things, to control access to resources and information.

Question 12

Policies should be published without a date of origin.

Accepted Answer

Policies should always be published with a date of origin in order to provide clarity and transparency about when they were created and the context in which they were developed. Additionally, having a clear and up-to-date record of policies can help organizations ensure they are staying compliant with any legal or regulatory requirements that may have changed since the policy was first established.

Question 13

An ISSP will typically not cover the use of e-mail or the Internet.

Accepted Answer

An ISSP will typically cover the use of e-mail and the Internet as they are important communication tools for organizations. The ISSP outlines policies and procedures for the safe and appropriate use of these technologies to protect the organization from potential security threats.

Question 14

The two general methods of implementing technical controls are access control lists and configuration rules._________________________

Accepted Answer

Access control lists and configuration rules are both methods used to implement technical controls in information security systems.

Question 15

A(n)enterprise information security policy is a type of information security policy that provides detailed,targeted guidance to instruct all members of the organization in the use of technology-based systems._________________________

Accepted Answer

issue-specific

Question 16

If an organization wants to prohibit the criminal use of the organization's information systems,it should do so in the Systems Management section of the ISSP._________________________

Accepted Answer

Prohibited Usage of Equipment

Question 17

In the bull's-eye model,issues are addressed by moving from the general to the specific,always starting with policy.That is,the focus is on $\text {\underline{ specific } }$

solutions instead of individual problems._________________________

Accepted Answer

The bull's-eye model starts with general policies and moves towards specific solutions, focusing on addressing individual problems rather than specific solutions.

Question 18

SysSPs focus on the proper handling of issues in the organization,like the use of technologies.

Accepted Answer

The answer of SysSPs focus on the proper handling of...

Question 19

When a policy is created and distributed without software automation tools,it is often not clear which manager has approved it.

Accepted Answer

Without software automation tools, tracking the approval of a policy can be difficult and unclear.

Question 20

A(n)technical specifications SysSP document is created by management to guide the implementation and configuration of technology._________________________

Accepted Answer

managerial guidance

Quiz 4: Information Security Policy