

Risk Management in Information Security
Midterm Exam
Course Introduction
This course explores the principles and practices of risk management within the realm of information security. Students will learn to identify, assess, and prioritize risks to organizational information assets in the context of current threat landscapes and regulatory frameworks. Emphasis is placed on developing risk mitigation strategies, understanding legal and ethical considerations, conducting risk assessments, and utilizing frameworks such as ISO 27005 and NIST SP 800-30. Through case studies and practical exercises, students will acquire the skills necessary to design, implement, and maintain effective risk management programs that safeguard data confidentiality, integrity, and availability.
Recommended Textbook
Principles of Information Security 4th Edition by Michael E. Whitman

Source URL: https://quizplus.com/study-set/2244

Chapter 1: Introduction to Information Security
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/44634
Sample Questions
Q1) In information security, salami theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed - but eventually the employee gets something complete or useable._________________________
A)True
B)False
Answer: True
Q2) ____ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse.
A)Physical
B)Personal
C)Object
D)Standard
Answer: A
Q3) Policies are written instructions for accomplishing a specific task._________________________
A)True
B)False
Answer: False
To view all questions and flashcards with answers, click on the resource link above.
Chapter 2: The Need for Security
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/44635
Sample Questions
Q1) A worm can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected.
A)True
B)False
Answer: True
Q2) A computer virus consists of segments of code that perform ____________________ actions.
Answer: malicious
Q3) The timing attack explores the contents of a Web browser's ____________________.
Answer: cache
Q4) DoS attacks cannot be launched against routers.
A)True
B)False
Answer: False
Q5) Cyberterrorists hack systems to conduct terrorist activities via network or Internet pathways._________________________
A)True
B)False
Answer: True

To view all questions and flashcards with answers, click on the resource link above.

Chapter 3: Legal, Ethical, and Professional Issues in Information Security
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/44636
Sample Questions
Q1) The National Information Infrastructure Protection Act of 1996 modified which Act?
A)USA PATRIOT Act
B)USA PATRIOT Improvement and Reauthorization Act
C)Computer Security Act
D)Computer Fraud and Abuse Act
Answer: D
Q2) Laws and policies and their associated penalties only deter if which of the following conditions is present?
A)Fear of penalty
B)Probability of being caught
C)Probability of penalty being administered
D)All of the above
Answer: D
Q3) "Long arm ____________________" refers to the long arm of the law reaching across the country or around the world to draw an accused individual into its court systems.
Answer: jurisdiction
To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: Risk Management
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/44637
Sample Questions
Q1) Major risk is a combined function of (1) a threat less the effect of threat-reducing safeguards, (2) a vulnerability less the effect of vulnerability-reducing safeguards, and (3) an asset less the effect of asset value-reducing safeguards._________________________
A)True
B)False
Q2) Risk control is the application of controls to reduce the risks to an organization's data and information systems.
A)True
B)False
Q3) The difference between an organization's measures and those of others is often referred to as a performance ____________________.
Q4) In information security, benchmarking is the comparison of security activities and events against the organization's future performance._________________________
A)True
B)False
Q5) The ____________________ strategy is the risk control strategy that attempts to prevent the exploitation of the vulnerability.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Planning for Security
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/44638
Sample Questions
Q1) The Federal Bureau of Investigation deals with many computer crimes that are categorized as felonies.
A)True
B)False
Q2) Every member of the organization needs a formal degree or certificate in information security.
A)True
B)False
Q3) Compare electronic vaulting and remote journaling.
Q4) The stated purpose of ____ is to "give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization."
A)NIST SP800-18
B)RFC 2196
C)ISO/IEC 27002
D)BS7799 (Part 2)
Q5) What three purposes does the ISSP serve?
Q6) A(n)____________________ server performs actions on behalf of another system.
Q7) RAID Level 1 is commonly called disk ____________________.
Q8) What is the purpose of security education, training, and awareness (SETA)?
To view all questions and flashcards with answers, click on the resource link above.

Chapter 6: Security Technology: Firewalls and VPNs
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/44639
Sample Questions
Q1) In addition to recording intrusion attempts, a(n) router can be configured to use the contact information to notify the firewall administrator of the occurrence of an intrusion attempt._________________________
A)True
B)False
Q2) Firewalls can be categorized by processing mode,development era,or structure.
A)True
B)False
Q3) ____________________ (terminal emulation) access to all internal servers from the public networks should be blocked.
Q4) List and describe the three interacting services of the Kerberos system.
Q5) A ____ filtering firewall can react to an emergent event and update or create rules to deal with the event.
A)dynamic
B)static
C)stateful
D)stateless
Q6) The application firewall is also known as a(n)____________________ server.
Q7) The architecture of a(n)____________________ firewall provides a DMZ.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/44640
Sample Questions
Q1) A fully distributed IDPS control strategy is the opposite of the centralized strategy.
A)True
B)False
Q2) The ____________________ port is also known as a switched port analysis port or mirror port.
Q3) In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information to corrupt the servers' answers to routine DNS queries from other systems on the network.
A)True
B)False
Q4) Using ____, the system reviews the log files generated by servers, network devices, and even other IDPSs.
A)LFM
B)stat IDPS
C)AppIDPS
D)HIDPS
Q5) A packet ____________________ is a network tool that collects copies of packets from the network and analyzes them.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 8: Cryptography
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/44641
Sample Questions
Q1) To use a(n)____________________ cipher, you substitute one value for another.
Q2) Once the attacker has successfully broken an encryption, he or she may launch a replay attack, which is an attempt to resubmit a recording of the deciphered authentication to gain entry into a secure source.
A)True
B)False
Q3) A(n)____________________ authority operates under the trusted collaboration of the certificate authority and can be delegated day-to-day certification functions, such as verifying registration information about new registrants, generating end-user keys, revoking certificates, and validating that users possess a valid certificate.
Q4) Standard-HTTP (S-HTTP) is an extended version of the Hypertext Transfer Protocol that provides for the encryption of individual messages transmitted via the Internet between a client and server.
A)True
B)False
Q5) Hashing functions do not require the use of keys, but it is possible to attach a message ____________________ code.
Q6) A(n)____________________ substitution uses one alphabet.
To view all questions and flashcards with answers, click on the resource link above.
Chapter 9: Physical Security
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/44642
Sample Questions
Q1) The most sophisticated locks are ____ locks.
A)manual
B)programmable
C)electronic
D)biometric
Q2) SPS systems provide power conditioning.
A)True
B)False
Q3) Building codes require that each floor have a number of ____________________, or walls that limit the spread of damage should a fire break out in an office.
Q4) UPS devices typically run up to ____ VA.
A)100
B)250
C)500
D)1,000
Q5) A specialized type of keycard reader is the ____________________ reader, which allows individuals simply to place their cards within the reader's range.
Q6) Explain how a mantrap works.

Q7) The thermal detection systems contain a sophisticated heat
To view all questions and flashcards with answers, click on the resource link above.

Chapter 10: Implementing Information Security
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/44643
Sample Questions
Q1) Once a project is underway, it is managed to completion using a process known as a negative ____________________ loop.
Q2) In the ____ process, measured results are compared to expected results.
A)negative feedback loop
B)wrap-up
C)direct changeover
D)turnover
Q3) In a ____ implementation, the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization.
A)loop
B)direct
C)parallel
D)pilot
Q4) The size of the organization and the normal conduct of business may preclude a single large training program on new security procedures or technologies.
A)True
B)False
Q5) What major project tasks does the WBS document?
To view all questions and flashcards with answers, click on the resource link above.

Chapter 11: Security and Personnel
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/44644
Sample Questions
Q1) ISSEP stands for Information Systems Security Expert Professional._________________________
A)True
B)False
Q2) The CISA certification is for information security management professionals._________________________
A)True
B)False
Q3) ____ is a cornerstone in the protection of information assets and in the prevention of financial loss.
A)Fire protection
B)Business separation
C)Separation of duties
D)Collusion
Q4) SCP stands for Security Certified Program._________________________
A)True
B)False
Q5) All of the existing certifications are fully understood by hiring organizations.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above.

Chapter 12: Information Security Maintenance
Available Study Resources on Quizplus for this Chapter
103 Verified Questions
103 Flashcards
Source URL: https://quizplus.com/quiz/44645
Sample Questions
Q1) The ____ list is intended to facilitate the development of a free network exploration tool.
A)Nmap-hackers
B)Packet Storm
C)Security Focus
D)Snort-sigs
Q2) A(n)____ item is a hardware or software item that is to be modified and revised throughout its life cycle.
A)revision
B)update
C)change
D)configuration
Q3) A ____ is the recorded state of a particular revision of a software or hardware configuration item.
A)state
B)version
C)configuration
D)baseline
Q4) Virtually all aspects of a company's environment are ____________________.
Q5) Rehearsals that closely match reality are called ____________________ games.
To view all questions and flashcards with answers, click on the resource link above.