Risk Management in Information Systems Exam Review - 1148 Verified Questions



Risk Management in Information Systems Exam Review

Course Introduction

Risk Management in Information Systems provides an in-depth exploration of the processes and methodologies used to identify, assess, and mitigate risks in the context of information technology environments. The course examines the fundamental principles of risk management, regulatory and legal considerations, and industry standards related to information security. Students learn how to conduct risk assessments, analyze vulnerabilities, evaluate potential impacts, and implement controls to manage and reduce risk effectively. Through case studies and hands-on exercises, the course highlights best practices for developing risk management plans and integrating them into organizational policies, ensuring the resilience and security of information systems in the face of evolving threats.

Recommended Textbook

Principles of Information Security 6th Edition by Michael E. Whitman

Available Study Resources on Quizplus: 12 Chapters

1148 Verified Questions

1148 Flashcards

Source URL: https://quizplus.com/study-set/2123

Chapter 1: Introduction to Information Security

Available Study Resources on Quizplus for this Chapter

87 Verified Questions

87 Flashcards

Source URL: https://quizplus.com/quiz/42300

Sample Questions

Q1) To achieve balance, that is, to operate an information system that satisfies both the user and the security professional, the security level must allow reasonable access, yet protect against threats.

A)True

B)False

Answer: True

Q2) <u>Hardware</u> is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. _________________________

A)True

B)False

Answer: True

Q3) The possession of information is the quality or state of having value for some purpose or end.

A)True

B)False

Answer: False

To view all questions and flashcards with answers, click on the resource link above.


Chapter 2: The Need for Security

Available Study Resources on Quizplus for this Chapter

91 Verified Questions

91 Flashcards

Source URL: https://quizplus.com/quiz/42301

Sample Questions

Q1) A table of hash values and their corresponding plaintext values that can be used to look up password values if an attacker is able to steal a system's encrypted password file is known as a(n) __________.

A) rainbow table

B) dictionary

C) crib

D) crack file

Answer: A

Q2) Much human error or failure can be prevented with effective training and ongoing awareness activities.

A)True

B)False

Answer: True

Q3) ____________________ is unsolicited commercial e-mail.

Answer: Spam

Q4) Attempting to reverse-calculate a password is called ____________________.

Answer: cracking

Q5) A momentary low voltage is called a(n) ____________________.

Answer: fault


Chapter 3: Legal, Ethical, and Professional Issues in Information Security

Available Study Resources on Quizplus for this Chapter

83 Verified Questions

83 Flashcards

Source URL: https://quizplus.com/quiz/42302

Sample Questions

Q1) __________ is the unauthorized taking of personally identifiable information with the intent of committing fraud or another illegal or unethical purpose.

Answer: Identity theft ID theft

Q2) The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any __________ purposes.

A) troubleshooting

B) billing

C) customer service

D) marketing

Answer: D

Q3) The low overall degree of tolerance for __________ system use may be a function of the easy association between the common crimes of breaking and entering, trespassing, theft, and destruction of property to their computer-related counterparts.

Answer: illicit

Q4) Software license infringement is also often called software __________.

Answer: piracy


Chapter 4: Planning for Security

Available Study Resources on Quizplus for this Chapter

109 Verified Questions

109 Flashcards

Source URL: https://quizplus.com/quiz/42303

Sample Questions

Q1) The policy administrator is responsible for the creation, revision, distribution, and storage of the policy.

A)True

B)False

Q2) A(n) <u>sequential</u> roster is activated as the first person calls a few people on the roster, who in turn call a few other people. _________________________

A)True

B)False

Q3) Good security programs begin and end with policy.

A)True

B)False

Q4) Standards may be published, scrutinized, and ratified by a group, as in formal or ________ standards.

A) de formale

B) de public

C) de jure

D) de facto

Q5) RAID Level 1 is commonly called disk ____________________.

Q6) What three purposes does the ISSP serve?


Chapter 5: Risk Management

Available Study Resources on Quizplus for this Chapter

108 Verified Questions

108 Flashcards

Source URL: https://quizplus.com/quiz/42304

Sample Questions

Q1) A(n) _________ is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it.

A) security clearance scheme

B) data recovery scheme

C) risk management scheme

D) data classification scheme

Q2) Operational feasibility is an assessment of whether the organization can acquire the technology necessary to implement and support the proposed control.

A)True

B)False

Q3) Risk _________ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.

A) benefit

B) appetite

C) acceptance

D) avoidance

Q4) What is a cost-benefit analysis (CBA) and how can it be calculated?


Chapter 6: Security Technology: Access Controls, Firewalls, and VPNS

Available Study Resources on Quizplus for this Chapter

106 Verified Questions

106 Flashcards

Source URL: https://quizplus.com/quiz/42305

Sample Questions

Q1) <u>Traceroute</u>, formally known as an ICMP Echo request, is used by internal systems administrators to ensure that clients and servers can communicate.

A)True

B)False

Q2) Kerberos uses <u>asymmetric</u> key encryption to validate an individual user to various network resources. _________________________

A)True

B)False

Q3) When Web services are offered outside the firewall, <u>SMTP</u> traffic should be blocked from internal networks through the use of some form of proxy access or DMZ architecture. _________________________

A)True

B)False

Q4) The application layer proxy firewall is also known as a(n) __________.

A) application firewall

B) client firewall

C) proxy firewall

D) All of the above


Chapter 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools

Available Study Resources on Quizplus for this Chapter

107 Verified Questions

107 Flashcards

Source URL: https://quizplus.com/quiz/42306

Sample Questions

Q1) A strategy based on the concept of defense in depth is likely to include intrusion detection systems, active vulnerability scanners, passive vulnerability scanners, automated log analyzers, and protocol analyzers.

A)True

B)False

Q2) List and describe at least four reasons to acquire and use an IDPS.

Q3) A(n) ____________________ vulnerability scanner is one that initiates traffic on the network in order to determine security holes.

Q4) A(n) ____________________ system contains pseudo-services that emulate well-known services, but is configured in ways that make it look vulnerable to attacks.

Q5) In the process of protocol <u>application</u> verification, the NIDPSs look for invalid data packets. _________________________

A)True

B)False

Q6) The ____________________ port is also known as a switched port analysis (SPAN) port or mirror port.

Q7) List and describe the four advantages of HIDPSs.


Chapter 8: Cryptography

Available Study Resources on Quizplus for this Chapter

109 Verified Questions

109 Flashcards

Source URL: https://quizplus.com/quiz/42307

Sample Questions

Q1) More advanced substitution ciphers use two or more alphabets, and are referred to as __________ substitutions.

A) multialphabetic

B) monoalphabetic

C) polyalphabetic

D) polynomic

Q2) The permutation cipher simply rearranges the values within a block to create the ciphertext.

A)True

B)False

Q3) A mathematical ____________________ is a secret mechanism that enables you to easily accomplish the reverse function in a one-way function.

Q4) Bit stream methods commonly use algorithm functions like the exclusive OR operation (__________).

A) XOR

B) EOR

C) NOR

D) OR

Q5) Describe how hash functions work and what they are used for.


Chapter 9: Physical Security

Available Study Resources on Quizplus for this Chapter

77 Verified Questions

77 Flashcards

Source URL: https://quizplus.com/quiz/42308

Sample Questions

Q1) When the lock of a door fails and causes the door to become unlocked, it is classified as a fail-secure lock.

A)True

B)False

Q2) _________________________ locks can be integrated into alarm systems and combined with other building management systems.

Q3) There are three methods of data interception: direct observation, interception of data transmission, and mechanical interception.

A)True

B)False

Q4) __________ sensors project and detect an infrared beam across an area.

A) Photoelectric

B) Smoke

C) Air-aspirating

D) Thermal

Q5) The temperature of ignition is called the _________________________ of a material.

Q6) Class _________________________ fires are extinguished by agents that interrupt the ability of the fuel to be ignited.


Chapter 10: Implementing Information Security

Available Study Resources on Quizplus for this Chapter

78 Verified Questions

78 Flashcards

Source URL: https://quizplus.com/quiz/42309

Sample Questions

Q1) The budgets of public organizations are usually the product of legislation or public meetings.

A)True

B)False

Q2) What are the major steps in executing the project plan?

Q3) During the implementation phase, the organization translates its blueprint for information security into a project ____________________.

Q4) In systems development, JAD (____________________ development) means getting key representatives of user groups to serve as members of the development process.

Q5) The level of resistance to ____________________ impacts the ease with which an organization is able to implement procedural and managerial changes.

Q6) The <u>RFP</u> determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost.

A)True

B)False

Q7) What minimum attributes for project tasks does the WBS document?

Q8) What can the organization do by managing the process of change?


Chapter 11: Security and Personnel

Available Study Resources on Quizplus for this Chapter

77 Verified Questions

77 Flashcards

Source URL: https://quizplus.com/quiz/42310

Sample Questions

Q1) The information security function cannot be placed within protective services.

A)True

B)False

Q2) A(n) ____________________ agency provides specifically qualified individuals at the paid request of another company.

Q3) The International Society of Forensic Computer Examiners (ISFCE) offers two levels of certification: the Certified Computer Examiner (CCE) and the <u>Master</u> Certified Computer Examiner (MCCE). _________________________

A)True

B)False

Q4) To maintain a secure facility, all contract employees should be escorted from room to room, as well as into and out of the facility.

A)True

B)False

Q5) The SSCP examination is much more rigorous than the CISSP examination.

A)True

B)False

Q6) Describe the concept of separation of duties.

Q7) What tasks must be performed when an employee prepares to leave an organization?


Chapter 12: Information Security Maintenance

Available Study Resources on Quizplus for this Chapter

116 Verified Questions

116 Flashcards

Source URL: https://quizplus.com/quiz/42311

Sample Questions

Q1) The objective of the external ____________________ domain within the maintenance model is to provide early awareness of new and emerging threats, threat agents, vulnerabilities, and attacks that the organization needs in order to mount an effective and timely defense.

Q2) ____________________ is the process of reviewing the use of a system, not to check performance but to determine if misuse or malfeasance has occurred.

Q3) The vulnerability database, like the risk, threat, and attack database, both stores and tracks information.

A)True

B)False

Q4) The final process in the vulnerability assessment and remediation domain is the <u>exit</u> phase. _________________________

A)True

B)False

Q5) In an online or __________ data acquisition, forensic investigators use network-based tools to acquire a protected copy of the information.

Q6) List the four steps to developing a CM plan.

Q7) Why should agencies monitor the status of their programs?
