IS4550

Security Policies and Implementation

Unit 11 (August 26, 2016)
Course Review and Final Examination

Assignments and Study Materials
  • Unit 11 Project 11.1: Department of Defense (DoD) Ready
  • Unit 11 Exam 11.2: Final Exam
Week 11 Preparation
When preparing for the course review and final examination, you will want to pay particular attention to the following questions:
  1. From a structural perspective, how are security frameworks usually organized?
  2. What is the capstone document in a security framework?
  3. What is the prime objective of information security programs?
  4. What are the five pillars?
  5. Why do organizations consider information security policies important?
  6. Why does a security review usually entail business process reengineering?
  7. How are policies different from procedures?
  8. What are the three most important issues that awareness programs must emphasize?
  9. What must an organization measure in order to achieve repeatable behavior from its security policy planners?
  10. Creating an impact report, identifying asset reliance, and establishing asset priority are part of what activity?
  11. What is the purpose of a data classification system?
  12. What must first be completed and agreed upon by all the key departments within the organization before a BCP can be crafted?
  13. What is RTO?
  14. What function does a Disaster Declaration Policy serve?
  15. Building a business continuity plan begins with what analytical activity?
  16. In terms of implementation and compliance, what is the most important factor in an organization-wide security policy?
  17. What is the difference between a data steward (also called a data owner) and a data custodian?
  18. What are data administrators primarily responsible for?
  19. What are data security administrators primarily responsible for?
  20. What is SOD?
  21. What are the three lines of defense in the financial services sector?
  22. What are the most common ways that risk can be mitigated within the user domain?
  23. As a risk mitigation strategy, securing the workstation is most often associated with which IT infrastructure domain?
  24. Establishing security rules for the DMZ is a risk mitigation strategy most commonly associated with which IT infrastructure domain?
  25. What is the primary means by which organizations prohibit accessing or storing unacceptable content?
  26. What is the purpose of an SAP?
  27. The standards for deploying and operating wireless access points are typically included in the baseline standards of which IT infrastructure domain?
  28. What is a PAA?
  29. Who in an organization is responsible for assessing technology controls and risks?
  30. Who in an organization should be required to sign and abide by the Acceptable Use Policy?
  31. What is the purpose of the Control Standards document within a Security Policy Framework?
  32. With which IT infrastructure domain would a policy defining how firewalls handle application traffic be associated?
  33. Where within a Security Policy Framework would IDS/IPS architecture and management issues be addressed?
  34. Into which IT infrastructure domain would web services policies be organized?
  35. What is the purpose of an IRT policy?
  36. What are some of the most common kinds of incidents as defined by the Payment Card Industry Data Security Standard (PCI DSS)?
  37. A typical IRT is composed of members from which departments?
  38. What must be defined before an IRT can declare an incident?
  39. After declaring an incident, what must the IRT do before formulating a specific response?
  40. What are the primary responsibilities of the IRT Manager?
  41. What are the primary responsibilities of the IRT Coordinator?
  42. When determining the success of the IRT, what factors should be measured?
  43. What three motivational factors must be present in a security framework in order to maximize the likelihood of user compliance?
  44. What are some of the most common causes of security policy failure?
  45. In terms of organizational culture, what must happen before security policies can be implemented and administered effectively?
  46. What is the purpose of the Change Control Board with regard to security policies?
  47. What is an RFC?
  48. What departments within an organization should be represented on the Change Control Board that oversees the maintenance of security policies?
  49. What kinds of organizational challenges can prevent the successful deployment of a security framework?
  50. What are the most serious types of security breaches and why are they important to security policy planners?
  51. What are the eight steps used to make lasting change in organizations?
  52. What are the workplace personality types defined by the Kingdomality taxonomy?
  53. Why are users most likely to oppose security initiatives?
  54. What are some of the most effective means of ensuring security awareness?
  55. When encountering resistance to security policies, what should the implementers keep in mind with regard to the reluctant users?
  56. What law gives employers the right to monitor employees in the ordinary course of business?
  57. What are some of the primary benefits of automating security policy compliance?
  58. What makes automated systems more effective at tracking security policy compliance than human monitoring?
  59. How might MBSA be used in the implementation of security policies?
  60. How might you apply layered security to the User Domain?