
1. Best security practices (BSPs) balance the need for information access with t


Question

1. Best security practices (BSPs) balance the need for information access with the need for adequate protection while simultaneously demonstrating social responsibility.
A) True B) False

2. When an organization applies statistical and quantitative forms of mathematical analysis to the data points collected to measure the activities and outcomes of the InfoSec program, it is using InfoSec best practices.
A) True B) False

3. Accreditation is the authorization of an IT system to process, store, or transmit information.
A) True B) False

4. A community of management and users that is well trained and informed about threats facing the organization can be crucial in the early detection and response process.
A) True B) False

5. The information technology community often takes on the leadership role in addressing risk.
A) True B) False

6. At a minimum, organizations should have a simple data classification scheme categorizing information assets based on their sensitivity and security needs; for example: confidential, internal and public.
A) True B) False

7. Economic and non-economic effects of a weakness must be evaluated after a strategy for dealing with a particular vulnerability has been selected.
A) True B) False

8. Residual risk is also known as risk tolerance and is the amount of risk organizations are willing to accept after all reasonable controls have been implemented.
A) True B) False

9. Asset valuation does NOT have to consider the value of information to adversaries or loss of revenue while information assets are unavailable.
A) True B) False

10. Network-address translation (NAT) is often implemented with the screened-host firewalls architecture.
A) True B) False

11. Kerberos uses asymmetric key encryption to validate an individual user

Explanation / Answer


1. Best security practices (BSPs) balance the need for information access with the need for adequate protection while simultaneously demonstrating social responsibility.
B) False

2. When an organization applies statistical and quantitative forms of mathematical analysis to the data points collected to measure the activities and outcomes of the InfoSec program, it is using InfoSec best practices.
B) False

3. Accreditation is the authorization of an IT system to process, store, or transmit information.
A) True


4. A community of management and users that is well trained and informed about threats facing the organization can be crucial in the early detection and response process.
A) True


5. The information technology community often takes on the leadership role in addressing risk.
B) False


6. At a minimum, organizations should have a simple data classification scheme categorizing information assets based on their sensitivity and security needs; for example: confidential, internal and public.
A) True


7. Economic and non-economic effects of a weakness must be evaluated after a strategy for dealing with a particular vulnerability has been selected.
B) False


8. Residual risk is also known as risk tolerance and is the amount of risk organizations are willing to accept after all reasonable controls have been implemented.
B) False

9. Asset valuation does NOT have to consider the value of information to adversaries or loss of revenue while information assets are unavailable.
B) False

10. Network-address translation (NAT) is often implemented with the screened-host firewalls architecture.
B) False

11. Kerberos uses asymmetric key encryption to validate an individual user