

Risk Management in Information Systems
Midterm Exam
Course Introduction
Risk Management in Information Systems explores the principles and practices essential for protecting information assets in today's digital landscape. The course examines the identification, assessment, and mitigation of risks associated with information systems, including threats to data confidentiality, integrity, and availability. Students will learn about risk management frameworks, threat modeling, vulnerability assessment, regulatory compliance, and the development of security policies. Through case studies and practical exercises, participants gain hands-on experience in evaluating organizational risks and implementing effective controls to safeguard information in both traditional and cloud-based environments.
Recommended Textbook
Principles of Information Security 6th Edition by Michael E. Whitman
Available Study Resources on Quizplus
12 Chapters
1148 Verified Questions
1148 Flashcards
Source URL: https://quizplus.com/study-set/2123


Chapter 1: Introduction to Information Security
Available Study Resources on Quizplus for this Chapter
87 Verified Questions
87 Flashcards
Source URL: https://quizplus.com/quiz/42300
Sample Questions
Q1) The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
A)True
B)False
Answer: False
Q2) A(n) ____________________ is a group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.
Answer: community of interest
Q3) A(n) <u>project</u> team should consist of a number of individuals who are experienced in one or multiple facets of the technical and nontechnical areas.
A)True
B)False
Answer: True
Q4) A potential weakness in an asset or its defensive control system(s) is known as a(n)
Answer: vulnerability
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: The Need for Security
Available Study Resources on Quizplus for this Chapter
91 Verified Questions
91 Flashcards
Source URL: https://quizplus.com/quiz/42301
Sample Questions
Q1) <u>Computer</u> assets are the focus of information security and are the information that has value to the organization, as well as the systems that store, process, and transmit the information. ____________
A)True
B)False
Answer: False
Q2) Forces of nature, sometimes called acts of God, can present some of the most dangerous threats because they usually occur with very little warning and are beyond the control of people.
A)True
B)False
Answer: True
Q3) ____ is any technology that aids in gathering information about a person or organization without their knowledge.
A) A bot
B) Spyware
C) A Trojan
D) A worm
Answer: B
To view all questions and flashcards with answers, click on the resource link above.

Chapter 3: Legal, Ethical, and Professional Issues in Information Security
Available Study Resources on Quizplus for this Chapter
83 Verified Questions
83 Flashcards
Source URL: https://quizplus.com/quiz/42302
Sample Questions
Q1) Laws, policies, and their associated penalties only provide deterrence if offenders fear the penalty, expect to be caught, and expect the penalty to be applied if they are caught.
A)True
B)False
Answer: True
Q2) Studies on ethics and computer use reveal that people of different nationalities have different perspectives; difficulties arise when one nationality's ethical behavior violates the ethics of another national group.
A)True
B)False
Answer: True
Q3) The Federal Privacy Act of 1974 regulates government agencies and holds them accountable if they release information about <u>national security</u> without permission. _________________________
A)True
B)False
Answer: False
To view all questions and flashcards with answers, click on the resource link above.

Chapter 4: Planning for Security
Available Study Resources on Quizplus for this Chapter
109 Verified Questions
109 Flashcards
Source URL: https://quizplus.com/quiz/42303
Sample Questions
Q1) A(n) <u>capability</u> table specifies which subjects and objects users or groups can access. _________________________
A)True
B)False
Q2) The transfer of large batches of data to an off-site facility, usually through leased lines or services, is called ____.
A) off-site storage
B) remote journaling
C) electronic vaulting
D) database shadowing
Q3) ____________________ management is an organization's set of planning and preparation efforts for dealing with potential human injury, emotional trauma, or loss of life as a result of a disaster.
Q4) You can create a single, comprehensive ISSP document covering all information security issues.
A)True
B)False
Q5) What three purposes does the ISSP serve?
Q6) What is the purpose of security education, training, and awareness (SETA)?
To view all questions and flashcards with answers, click on the resource link above.

Chapter 5: Risk Management
Available Study Resources on Quizplus for this Chapter
108 Verified Questions
108 Flashcards
Source URL: https://quizplus.com/quiz/42304
Sample Questions
Q1) Once the inventory and value assessment are complete, you can prioritize each asset using a straightforward process known as ____________________ analysis.
Q2) In information security, <u>benchmarking</u> is the comparison of past security activities and events against the organization's current performance.
A)True
B)False
Q3) Risk _________ is the application of security mechanisms to reduce the risks to an organization's data and information systems.
A) management
B) control
C) identification
D) security
Q4) Organizations should communicate with system users throughout the development of the security program, letting them know that changes are coming, and reduce resistance to these expected changes through communication, education, and involvement.
A)True
B)False
To view all questions and flashcards with answers, click on the resource link above.
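The Chapter 5 questions above sit on two pieces of arithmetic from the textbook's risk identification chapter: weighted factor analysis, which ranks assets once the inventory and valuation are done, and the risk rating worksheet, which rates each vulnerability as likelihood times asset value, less the portion already mitigated by current controls, plus an allowance for uncertainty. The Python below is an added worked example for this study set, not code from the textbook or from Quizplus; the criteria, weights, scores, likelihoods and percentages are constructed values chosen for the demonstration.

```python
"""Asset prioritization by weighted factor analysis and a risk rating
worksheet. Added illustration for this study set, not textbook or Quizplus
code; every asset name, weight, score, likelihood and percentage below is
constructed for the demonstration."""

from dataclasses import dataclass

# Criteria weights (they must total 100) and, per asset, a score of 0.1 to
# 1.0 for each criterion. Both come from the organization's own judgement.
CRITERIA_WEIGHTS = {
    "impact_on_revenue": 30,
    "impact_on_profitability": 40,
    "impact_on_public_image": 30,
}


@dataclass
class Asset:
    name: str
    scores: dict  # criterion -> score in [0.1, 1.0]


@dataclass
class Vulnerability:
    asset: str
    description: str
    likelihood: float   # 0.1 (rare) to 1.0 (certain) within the period
    controlled: float   # fraction of the risk already mitigated by controls
    uncertainty: float  # fraction added for what is not known


def weighted_score(asset, weights=CRITERIA_WEIGHTS):
    """Weighted factor analysis: sum of weight x score over all criteria."""
    if sum(weights.values()) != 100:
        raise ValueError("criteria weights must total 100")
    missing = sorted(set(weights) - set(asset.scores))
    if missing:
        raise ValueError(f"{asset.name}: no score for {missing}")
    for crit, score in asset.scores.items():
        if not 0.1 <= score <= 1.0:
            raise ValueError(f"{asset.name}: score for {crit} outside 0.1..1.0")
    return sum(weights[c] * asset.scores[c] for c in weights)


def prioritize(assets):
    """Assets ordered from most to least important to the organization."""
    return sorted(assets, key=weighted_score, reverse=True)


def risk_rating(asset_value, vuln):
    """risk = (likelihood x value) - (that product x fraction controlled)
                                   + (that product x uncertainty)"""
    for f in (vuln.likelihood, vuln.controlled, vuln.uncertainty):
        if not 0.0 <= f <= 1.0:
            raise ValueError("likelihood, controlled and uncertainty must be in [0, 1]")
    base = vuln.likelihood * asset_value
    return base - base * vuln.controlled + base * vuln.uncertainty


def risk_worksheet(assets, vulns):
    """Rank every asset/vulnerability pair by risk rating, highest first."""
    values = {a.name: weighted_score(a) for a in assets}
    rows = [(v.asset, v.description, round(risk_rating(values[v.asset], v), 2))
            for v in vulns]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed inventory: three assets, one identified vulnerability each.
ASSETS = [
    Asset("customer_db", {"impact_on_revenue": 0.8, "impact_on_profitability": 0.9,
                          "impact_on_public_image": 0.7}),
    Asset("web_server", {"impact_on_revenue": 1.0, "impact_on_profitability": 0.7,
                         "impact_on_public_image": 1.0}),
    Asset("mail_server", {"impact_on_revenue": 0.3, "impact_on_profitability": 0.5,
                          "impact_on_public_image": 0.6}),
]
VULNS = [
    Vulnerability("customer_db", "SQL injection in customer portal", 0.5, 0.0, 0.1),
    Vulnerability("web_server", "unpatched TLS library", 1.0, 0.5, 0.2),
    Vulnerability("mail_server", "open relay", 0.2, 0.9, 0.0),
]

if __name__ == "__main__":
    for a in prioritize(ASSETS):
        print(f"{a.name:12} importance {weighted_score(a):.0f}")
    for asset, desc, risk in risk_worksheet(ASSETS, VULNS):
        print(f"{risk:6.2f}  {asset:12} {desc}")
```

With these numbers the web server ranks first by importance (88 against 81 and 47), and its TLS vulnerability also tops the worksheet even though half of that risk is already controlled, because certainty of occurrence (1.0) against the most valuable asset outweighs a half-likely injection against the database. The open relay on the mail server rates under 1 once 90% of it is controlled; that is the kind of item an organization would accept rather than spend on.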

Chapter 6: Security Technology: Access Controls, Firewalls, and VPNs
Available Study Resources on Quizplus for this Chapter
106 Verified Questions
106 Flashcards
Source URL: https://quizplus.com/quiz/42305
Sample Questions
Q1) Firewalls operate by examining a data packet and performing a <u>comparison</u> with some predetermined logical rules. _________________________
A)True
B)False
Q2) The primary disadvantage of stateful packet inspection firewalls is the additional processing required to manage and verify packets against the state table.
A)True
B)False
Q3) In order to keep the Web server inside the internal network, direct all HTTP requests to the <u>internal filtering firewall</u> and configure the internal filtering router/firewall to allow only that device to access the internal Web server.
A)True
B)False
Q4) ____________________ is a firewall type that keeps track of each network connection between internal and external systems using a table and that expedites the processing of those communications.
Q5) The architecture of a(n) ____________________ firewall provides a DMZ.
To view all questions and flashcards with answers, click on the resource link above.
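The Chapter 6 questions above turn on two ideas: a firewall decides by comparing each packet with predetermined rules, and a stateful packet inspection firewall additionally keeps a table of the connections it has seen so that it can admit replies without a blanket rule for them. The Python below is an added illustration for this study set, not code from the textbook or from any firewall product; the internal address range, the hosts, the ports and the two-rule policy are constructed for the example.

```python
"""A stateless packet filter beside a stateful one, to show what the state
table buys. Added illustration for this study set, not textbook or vendor
code; the addresses, ports and rule set are constructed for the example."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address range


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False   # TCP ACK flag (replies carry it; a bare SYN does not)


def is_outbound(pkt):
    return ip_address(pkt.src) in INTERNAL and ip_address(pkt.dst) not in INTERNAL


# Stateless filtering: each packet is compared, on its own, with a list of
# predetermined rules and the first match decides. To let replies to internal
# web browsing back in, such a filter has to accept any inbound packet that
# merely looks like a reply (source port 80, ACK set), whoever sent it.
STATELESS_RULES = [
    ("allow outbound", is_outbound),
    ("allow web replies (sport 80, ACK)",
     lambda p: not is_outbound(p) and p.sport == 80 and p.ack),
]


def stateless_filter(pkt):
    for name, matches in STATELESS_RULES:
        if matches(pkt):
            return "allow", name
    return "deny", "default deny"


class StatefulFilter:
    """Records each permitted outbound connection in a state table and admits
    inbound packets only if they belong to a recorded connection."""

    def __init__(self):
        self.state = set()  # (src, sport, dst, dport) of connections seen leaving

    def filter(self, pkt):
        if is_outbound(pkt):
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow", "outbound, connection recorded"
        # Inbound: is this the reverse direction of a tracked connection?
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "allow", "reply to tracked connection"
        return "deny", "no matching state entry"


# Constructed traffic: a legitimate web fetch and its reply, then a spoofed
# "reply" from an outside host aimed at SMB on a workstation that never
# talked to it.
TRAFFIC = [
    Packet("10.0.0.5", 40000, "93.184.216.34", 80),
    Packet("93.184.216.34", 80, "10.0.0.5", 40000, ack=True),
    Packet("203.0.113.9", 80, "10.0.0.7", 445, ack=True),
]


def run(traffic=TRAFFIC):
    """Return [(stateless decision, stateful decision), ...] per packet."""
    sf = StatefulFilter()
    return [(stateless_filter(p)[0], sf.filter(p)[0]) for p in traffic]


if __name__ == "__main__":
    for pkt, (a, b) in zip(TRAFFIC, run()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}"
              f"  stateless={a:5}  stateful={b}")
```

The third packet is the point. The stateless filter must take source port 80 plus the ACK flag as evidence of a reply, so an outsider who sets them reaches port 445 on a workstation; the stateful filter denies it because nothing in its table matches. The per-packet table lookup and entry creation (and, in a real product, sequence-number checks and entry expiry) is the extra processing that the Q2 statement refers to.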

Chapter 7: Security Technology: Intrusion Detection and Prevention Systems, and Other Security Tools
Available Study Resources on Quizplus for this Chapter
107 Verified Questions
107 Flashcards
Source URL: https://quizplus.com/quiz/42306
Sample Questions
Q1) __________ are usually passive devices and can be deployed into existing networks with little or no disruption to normal network operations.
A) NIDPSs
B) HIDPSs
C) AppIDPSs
D) SIDPSs
Q2) A(n) ____________________ vulnerability scanner is one that initiates traffic on the network in order to determine security holes.
Q3) In DNS cache poisoning, valid packets exploit poorly configured DNS servers to inject false information and corrupt the servers' answers to routine DNS queries from other systems on the network.
A)True
B)False
Q4) A fully distributed IDPS control strategy is an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component.
A)True
B)False
Q5) A signature-based IDPS is sometimes called a(n) ____________________-based IDPS.
To view all questions and flashcards with answers, click on the resource link above.
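A signature-based (knowledge-based) IDPS, as in Q5 above, fires only when traffic matches a stored pattern of a known attack. The Python below is an added illustration for this study set, not code from the textbook or from any IDPS product; the three signatures and the five request lines are constructed. It also shows the first thing an evaluator checks on such a sensor: whether it normalizes encoded input before matching, because an attacker who percent-encodes the payload otherwise gets a clean miss.

```python
"""A minimal signature (knowledge-based) detector over web request lines,
with the normalization step that keeps a trivially encoded attack from
slipping past it. Added illustration for this study set, not code from the
textbook or any IDPS; the signatures and log lines are constructed."""

import re
from urllib.parse import unquote

# Each signature is stored knowledge of one known attack pattern.
SIGNATURES = [
    ("directory traversal", re.compile(r"\.\./")),
    ("SQL injection probe", re.compile(r"(?i)union\s+select")),
    ("shell command in parameter", re.compile(r"(?i)[;|]\s*(cat|ls|id)\b")),
]


def normalize(request_line, max_rounds=3):
    """Percent-decode until the text stops changing (bounded), so that
    ..%2F.. and UNION%20SELECT look to the signatures like the plain form."""
    text = request_line
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def match_signatures(request_line, normalize_first=True):
    text = normalize(request_line) if normalize_first else request_line
    return [name for name, pattern in SIGNATURES if pattern.search(text)]


def scan(lines, normalize_first=True):
    """Map line index -> names of the signatures that fired (hits only)."""
    hits = {}
    for i, line in enumerate(lines):
        names = match_signatures(line, normalize_first)
        if names:
            hits[i] = names
    return hits


# Constructed request lines, as a web server would log them.
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /download?file=../../etc/passwd HTTP/1.1",
    "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /items?id=1%20UNION%20SELECT%20password%20FROM%20users HTTP/1.1",
    "GET /ping?host=127.0.0.1;cat%20/etc/passwd HTTP/1.1",
]

if __name__ == "__main__":
    print("raw       :", scan(SAMPLE_REQUESTS, normalize_first=False))
    print("normalized:", scan(SAMPLE_REQUESTS))
```

Run raw, the sensor catches the plain traversal and the shell metacharacter but misses the encoded traversal and the encoded UNION SELECT; after normalization all four attack lines fire and the benign request still does not. The bounded decode loop matters in the other direction too: an unbounded one is a denial-of-service handle on the sensor itself. What no signature list can do is flag a pattern it has never been given, which is the limit that anomaly-based detection exists to cover.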

Chapter 8: Cryptography
Available Study Resources on Quizplus for this Chapter
109 Verified Questions
109 Flashcards
Source URL: https://quizplus.com/quiz/42307
Sample Questions
Q1) The science of encryption is known as ____________________.
Q2) The AES algorithm was the first public-key encryption algorithm to use a 256-bit key length.
A)True
B)False
Q3) In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine that used a non-repeating random key.
A)True
B)False
Q4) The most popular modern version of <u>steganography</u> involves hiding information within files that contain digital pictures or other images.
A)True
B)False
Q5) Hashing functions do not require the use of keys, but it is possible to attach a ____________________ code to allow only specified recipients to access the message digest.
Q6) The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption is called ___________.
To view all questions and flashcards with answers, click on the resource link above.
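Q3, Q5 and Q6 above describe Vernam's one-time pad, attaching a keyed code to a message digest, and recovering plaintext without the key. The Python below is an added illustration for this study set, not code from the textbook; the messages and keys are constructed. It carries a pad through encryption and decryption, shows the cryptanalysis that becomes possible the moment the same pad is reused for two messages, and contrasts an unkeyed hash, which anyone can recompute, with an HMAC that only holders of the key can produce or verify.

```python
"""Vernam's one-time pad, the failure mode when the pad is reused, and a
keyed message authentication code. Added illustration for this study set,
not code from the textbook; the messages and keys are constructed."""

import hashlib
import hmac
import os


def new_pad(length):
    """A fresh pad: random bytes at least as long as the message, used once."""
    return os.urandom(length)


def vernam(data, pad):
    """XOR each byte with the pad. Encryption and decryption are the same
    operation because (m ^ k) ^ k == m."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(b ^ k for b, k in zip(data, pad))


def pad_reuse_leak(ct1, ct2):
    """If one pad encrypts two messages, XOR of the ciphertexts equals XOR of
    the plaintexts: the key cancels out, and a known stretch of either
    message (a crib) reveals the other without ever learning the pad."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def digest(message):
    """Unkeyed hash: anyone can recompute it, so it detects accidental
    corruption but not a deliberate substitution of message and digest."""
    return hashlib.sha256(message).hexdigest()


def mac(message, key):
    """Keyed message authentication code: only holders of the key can
    produce or check it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify(message, key, tag):
    return hmac.compare_digest(mac(message, key), tag)


def demo():
    m1 = b"attack at dawn"
    m2 = b"retreat at ten"   # same length, so the two ciphertexts line up
    pad = new_pad(len(m1))
    c1 = vernam(m1, pad)
    c2 = vernam(m2, pad)     # the mistake: the same pad used twice
    leak = pad_reuse_leak(c1, c2)
    recovered_m2 = vernam(leak, m1)   # crib m1 in, m2 out, no pad needed
    key = os.urandom(32)
    tag = mac(m1, key)
    return {
        "roundtrip": vernam(c1, pad) == m1,
        "reuse_recovers_m2": recovered_m2 == m2,
        "digest_recomputable_by_anyone": digest(m1) == hashlib.sha256(m1).hexdigest(),
        "mac_ok": verify(m1, key, tag),
        "mac_tampered": verify(b"attack at dusk", key, tag),
        "mac_wrong_key": verify(m1, os.urandom(32), tag),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:30} {result}")
```

The pad is unbreakable only under its three conditions: truly random, as long as the message, never reused. The two-message case above is the textbook cryptanalysis of a reused pad. For the digest, `hmac.compare_digest` is used rather than `==` so that verification time does not depend on where the first mismatching byte sits.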

Chapter 9: Physical Security
Available Study Resources on Quizplus for this Chapter
77 Verified Questions
77 Flashcards
Source URL: https://quizplus.com/quiz/42308
Sample Questions
Q1) A(n) _________________________ security plan requires that every building have clearly marked fire exits and maps posted throughout the facility.
Q2) A badge is an identification card that is typically carried concealed.
A)True
B)False
Q3) Water damage is considered less dangerous to computer systems than hazardous chemicals like Halon.
A)True
B)False
Q4) Vibration sensors fall into the motion sensor category.
A)True
B)False
Q5) A secure _________________________ is a physical location that has controls in place to minimize the risk of attacks from physical threats.
Q6) The U.S. government has developed a program named _________________________ to reduce the risk of EMR monitoring.
Q7) _________________________ detect movement within a confined space and are either active or passive.
To view all questions and flashcards with answers, click on the resource link above.

Chapter 10: Implementing Information Security
Available Study Resources on Quizplus for this Chapter
78 Verified Questions
78 Flashcards
Source URL: https://quizplus.com/quiz/42309
Sample Questions
Q1) What can the organization do by managing the process of change?
Q2) The __________ layer of the bull's-eye model receives attention last.
A) Policies
B) Networks
C) Systems
D) Applications
Q3) The tasks or action steps that come before the specific task at hand are called ____________________.
Q4) Technology _____________________ is a complex process that organizations use to manage the impact and costs of technology implementation, innovation, and obsolescence.
Q5) The project planner should describe the skills or personnel needed for a task, often referred to as a(n) ____________________.
Q6) The level of resistance to ____________________ impacts the ease with which an organization is able to implement procedural and managerial changes.
Q7) A(n) ____________________ is a specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete.
Q8) What are the major steps in executing the project plan?
To view all questions and flashcards with answers, click on the resource link above.

Chapter 11: Security and Personnel
Available Study Resources on Quizplus for this Chapter
77 Verified Questions
77 Flashcards
Source URL: https://quizplus.com/quiz/42310
Sample Questions
Q1) In many organizations, information security teams lack established roles and responsibilities.
A)True
B)False
Q2) __________ is a cornerstone in the protection of information assets and in the prevention of financial loss.
A) Fire suppression
B) Business separation
C) Separation of duties
D) Collusion
Q3) ISACA offers the CGEIT as well as the CISA and ____________________ certifications.
Q4) The breadth and depth covered in each of the domains makes the __________ one of the most difficult-to-attain certifications on the market.
A) NSA
B) CISO
C) CISSP
D) ISEP
Q5) What tasks must be performed when an employee prepares to leave an organization?
To view all questions and flashcards with answers, click on the resource link above.

Chapter 12: Information Security Maintenance
Available Study Resources on Quizplus for this Chapter
116 Verified Questions
116 Flashcards
Source URL: https://quizplus.com/quiz/42311
Sample Questions
Q1) Major planning components should be reviewed on a periodic basis to ensure that they are current, accurate, and appropriate.
A)True
B)False
Q2) __________ are a component of the security triple.
A) Threats
B) Assets
C) Vulnerabilities
D) All of the above
Q3) The primary goal of the ____________________ monitoring domain is an informed awareness of the state of all the organization's networks, information systems, and information security defenses.
Q4) Intelligence for external monitoring can come from a number of sources: vendors, CERT organizations, public network sources, and membership sites.
A)True
B)False
Q5) The ____________________ vulnerability assessment is designed to find and document vulnerabilities that may be present in the organization's public network.
To view all questions and flashcards with answers, click on the resource link above.