Cybersecurity Management Study Guide Questions
Course Introduction
Cybersecurity Management explores the strategic and operational aspects of protecting information systems and data within organizations. The course covers essential topics such as risk assessment, security policy development, compliance frameworks, incident response planning, and the use of managerial tools to safeguard digital assets. Students will examine contemporary threats and vulnerabilities, analyze case studies of security breaches, and learn best practices for building a comprehensive cybersecurity program. Emphasis is placed on aligning security initiatives with business objectives, fostering a culture of security awareness, and understanding the legal and ethical considerations in cybersecurity management.
Recommended Textbook: Management of Information Security, 3rd Edition, by Michael E. Whitman

Source URL: https://quizplus.com/study-set/2354
Chapter 1: Introduction to the Management of Information Security
Available Study Resources on Quizplus for this Chapter
139 Verified Questions
139 Flashcards
Source URL: https://quizplus.com/quiz/46799
Sample Questions
Q1) Both autocratic and democratic leaders tend to be action-oriented.
A) True
B) False
Answer: True
Q2) <u>Operations</u> are discrete sequences of activities with starting points and defined completion points. _________________________
A) True
B) False
Answer: False
Q3) All managers are expected to play a leadership role.
A) True
B) False
Answer: False
Q4) The first step in the WBS is to identify the work to be accomplished in the task or task area; that is, the activities and ____________________.
Answer: deliverables

To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Planning for Security
Available Study Resources on Quizplus for this Chapter
123 Verified Questions
123 Flashcards
Source URL: https://quizplus.com/quiz/46800
Sample Questions
Q1) The first phase of the security systems development life cycle (SecSDLC) is the ____ phase.
A) analysis
B) investigation
C) logical design
D) physical design
Answer: B
Q2) Which of the following is a characteristic of the bottom-up approach to security implementation?
A) Strong upper-management support
B) A clear planning and implementation process
C) Systems administrators attempting to improve the security of their systems
D) Ability to influence organizational culture
Answer: C
Q3) Which of the following is true about mission statements?
A) They should be ambitious
B) They express what the organization is
C) They express the aspirations of the organization
D) They are not meant to be probable
Answer: B

Chapter 3: Planning for Contingencies
Available Study Resources on Quizplus for this Chapter
114 Verified Questions
114 Flashcards
Source URL: https://quizplus.com/quiz/46801
Sample Questions
Q1) A(n) <u>alert message</u> is a scripted set of initial instructions used to respond to an incident. _________________________
A) True
B) False
Answer: True
Q2) The ____ plan focuses on the immediate response to an incident.
A) DR
B) IR
C) BC
D) FR
Answer: B
Q3) Computer hardware and peripherals are provided in a cold site.
A) True
B) False
Answer: False
Q4) The bulk batch-transfer of data to an off-site facility is known as ____________________.
Answer: electronic vaulting

Chapter 4: Information Security Policy
Available Study Resources on Quizplus for this Chapter
133 Verified Questions
133 Flashcards
Source URL: https://quizplus.com/quiz/46802
Sample Questions
Q1) Policies must also specify the penalties for unacceptable behavior and define a(n) ____.
A) appeals process
B) legal recourse
C) responsible managers
D) requirements for revision
Q2) Capability tables are also known as ____.
A) system policies
B) user policies
C) system profiles
D) account lists
Q3) A quality information security program begins and ends with policy.
A) True
B) False
Q4) Which of the following is a type of information security policy that deals with the entirety of an organization's information security efforts?
A) Issue-specific security policy
B) System-specific security policy
C) Company-wide security policy
D) Enterprise information security policy

Chapter 5: Developing the Security Program
Available Study Resources on Quizplus for this Chapter
133 Verified Questions
133 Flashcards
Source URL: https://quizplus.com/quiz/46803
Sample Questions
Q1) A security technician is usually an entry-level position.
A) True
B) False
Q2) An organization carries out a risk ____________________ function to evaluate risks present in IT initiatives and/or systems.
Q3) A medium-sized organization has ____.
A) a larger security staff than a small organization
B) a larger security budget (as percent of IT budget) than a small organization
C) a smaller security budget (as percent of IT budget) than a large organization
D) larger security needs than a small organization
Q4) According to Briney and Prince, "Security spending per user and per machine declines exponentially as organizations grow."
A) True
B) False
Q5) Very large organizations tend to have the <u>largest</u> budget per user of all organizational sizes discussed. _________________________
A) True
B) False
Q6) Explain the conflict between the goals and objectives of the CIO and the CISO.

Chapter 6: Security Management Models
Available Study Resources on Quizplus for this Chapter
120 Verified Questions
120 Flashcards
Source URL: https://quizplus.com/quiz/46804
Sample Questions
Q1) The ___ or Chinese Wall model is designed to prevent a conflict of interest between two parties.
A) Bell-LaPadula
B) Graham-Denning
C) Brewer-Nash
D) Harrison-Ruzzo-Ullman
Q2) ____________________ is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.
Q3) ____________________ limits a user's access to the specific information required to perform the currently assigned task, and not merely to the category of data required for a general work function.
Q4) An ATM machine is a common example of a(n) <u>constrained user interface</u> form of access control. _________________________
A) True
B) False
Q5) A(n) ____________________ is the outline of an information security blueprint.
Q6) ____________________ controls restore operating conditions back to normal.
Q7) The COBIT model categorizes control objectives into four domains. List them.

Chapter 7: Security Management Practices
Available Study Resources on Quizplus for this Chapter
114 Verified Questions
114 Flashcards
Source URL: https://quizplus.com/quiz/46805
Sample Questions
Q1) The benefits of using information security performance measures include all but which of the following?
A) Increasing efficiency for InfoSec performance
B) Improving effectiveness of InfoSec activities
C) Demonstrating compliance with laws, rules and regulations
D) Providing quantifiable inputs for resource allocation decisions
Q2) Once developed, information security performance measures must be implemented and integrated into ____ information security management operations.
A) cost-effective
B) ongoing
C) efficient
D) regulated
Q3) In selecting among recommended practices, an organization should seek to ensure that the target ____ is similar to their own.
A) threat environment
B) resource expenditures
C) organization structure
D) all of these

Chapter 8: Risk Management: Identifying and Assessing Risk
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/46806
Sample Questions
Q1) According to Sun Tzu, knowing yourself and your enemy means that "for every victory gained, you will suffer a defeat".
A) True
B) False
Q2) Which of the following activities is part of the risk identification process?
A) Determining the likelihood that vulnerable systems will be attacked by specific threats
B) Calculating the risks to which assets are exposed in their current setting
C) Assigning a value to each information asset
D) Assessing the relative risk facing the organization's information assets
Q3) A ranked vulnerability risk worksheet assigns a ranked value or impact weight to each information asset.
A) True
B) False
Q4) The final step in the risk identification process is to list the assets in order of <u>cost</u>, using a weighted factor analysis worksheet. _________________________
A) True
B) False
Q5) Classification categories must be ____________________ and mutually exclusive.

Chapter 9: Risk Management: Controlling Risk
Available Study Resources on Quizplus for this Chapter
105 Verified Questions
105 Flashcards
Source URL: https://quizplus.com/quiz/46807
Sample Questions
Q1) ____ is usually determined by valuing the information asset or assets exposed by the vulnerability and then determining how much of that value is at risk, and how much risk exists for the asset.
A) Risk
B) Asset value
C) Cost
D) Benefit
Q2) The Annualized Loss Expectancy in the CBA formula is determined as ____.
A) ALE * ARO
B) SLE * ARO
C) ACS - SLE(post)
D) AV * EF
Q3) Due care and due diligence occur when an organization adopts a certain minimum level of security as what any ____________________ organization would do in similar circumstances.
Q4) Briefly describe the four basic strategies to control risk that result from vulnerabilities.
Q5) The threat level and an asset's ____________________ should be a major factor in the risk control strategy selection.

Chapter 10: Protection Mechanisms
Available Study Resources on Quizplus for this Chapter
133 Verified Questions
133 Flashcards
Source URL: https://quizplus.com/quiz/46808
Sample Questions
Q1) Which of the following criteria would NOT satisfy the legal use of a packet sniffer?
A) Having direct authorization of the network's owners
B) Being on a network that the organization leases
C) Having knowledge and consent of the content creators (users)
D) Being on a network that the organization owns
Q2) The first generation of firewalls, packet filtering firewalls, are simple networking devices that filter packets by examining every incoming and outgoing packet.
Q3) Briefly describe how biometric technologies are generally evaluated.
Q4) Two keys are used to encrypt and decrypt messages in symmetric encryption.
A) True
B) False
Q5) ____ firewalls are network devices that examine every incoming and outgoing packet's header, selectively allowing or rejecting packets based on the header information.
A) Packet filtering
B) Stateful inspection
C) DMZ
D) Proxy

Chapter 11: Personnel and Security
Available Study Resources on Quizplus for this Chapter
133 Verified Questions
133 Flashcards
Source URL: https://quizplus.com/quiz/46809
Sample Questions
Q1) CISOs are primarily charged with the day-to-day operation of the information security program.
A) True
B) False
Q2) Employees who perform security monitoring functions within an organization fall under the classification of information security positions that ____.
A) define
B) build
C) administer
D) audit
Q3) Briefly describe at least five types of background checks.
Q4) It is important to have security clauses and policies as part of employment contracts in place at the time of ____________________ because it is much more difficult to implement such documents with existing employees.
Q5) <u>Contract</u> workers are brought in by organizations to temporarily fill positions or to supplement the existing workforce. _________________________
A) True
B) False

Chapter 12: Law and Ethics
Available Study Resources on Quizplus for this Chapter
113 Verified Questions
113 Flashcards
Source URL: https://quizplus.com/quiz/46810
Sample Questions
Q1) Socially acceptable behaviors that conform to the widely held principles of the members of that society are referred to as ____________________.
Q2) The utilitarian ethical approach emphasizes that an ethical action is one that results in the most good, or the least harm; the utilitarian approach seeks to link consequences to choices.
A) True
B) False
Q3) Which of the following is a U.S.-based international effort to reduce the impact of copyright, trademark, and privacy infringement?
A) Federal Privacy Act
B) The Electronic Communications Privacy Act
C) Digital Millennium Copyright Act
D) Computer Fraud and Abuse Act
Q4) The Electronic Communications Privacy Act addresses matters related to ____________________ of electronic communications.
Q5) Due ____________________ requires that an organization make sufficient and ongoing efforts to protect others.
Q6) Briefly describe five different types of laws.