Because even the implementation of new technologies does not necessarily guarantee an organization can gain or maintain a competitive lead, the concept of __________ has emerged as organizations strive not to fall behind technologically.
competitive disadvantage
In information security, a framework or security model customized to an organization, including implementation details, is a _________.
blueprint
When hiring security personnel, which of the following should be conducted before the organization extends an offer to any candidate, regardless of job level?
background check
Contingency planning or business continuity planning is primarily focused on developing __________.
plans for unexpected adverse events
A primary mailing list for new vulnerabilities, called simply _____, provides time-sensitive coverage of emerging vulnerabilities, documenting how they are exploited and reporting on how to remediate them. Individuals can register for the flagship mailing list or any one of the entire family of its mailing lists.
Bugtraq
Which type of firewall keeps track of each network connection established between internal and external systems?
stateful packet inspection
Which alternative risk management methodology is a process promoted by the Computer Emergency Response Team (CERT) Coordination Center (www.cert.org) that has three variations for different organizational needs, including one known as ALLEGRO?
OCTAVE
Which of the following is a generic model for a security program?
framework
Incorporating InfoSec components into periodic employee performance evaluations can __________.
heighten InfoSec awareness
Which of the following is the first component in the contingency planning process?
business impact analysis
U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) coordinates CERT services at ________.
US-CERT
The combination of a system's TCP/IP address and a service port is known as a __________.
NAT
What strategic role do the InfoSec and IT communities play in risk management? Explain each one.
InfoSec - Because members of the InfoSec community best understand the threats and attacks that introduce risk, they often take a leadership role in addressing risk.
IT - This group must help to build secure systems and ensure their safe operation. For example, IT builds and operates information systems that are mindful of operational risks and have proper controls implemented to reduce risk.
The Information Security __________ is a managerial model provided by an industry working group, National Cyber Security Partnership, which provides guidance in the development and implementation of organizational InfoSec structures and recommends the responsibilities that various members should have in an organization.
Governance Framework
Which of the following policies makes it difficult for an individual to violate InfoSec and is quite useful in monitoring financial affairs?
separation of duties
Which of the following NIST Cybersecurity Framework (CSF) stages relates to implementation of effective security controls (policy, education, training and awareness, and technology)?
Protect
_____, a level beyond vulnerability testing, is a set of security tests and evaluations that simulate attacks by a malicious external source like a hacker.
Penetration testing
Which type of IDPS is also known as a behavior-based intrusion detection system?
anomaly-based
Why is threat identification so important in the process of risk management?
Any organization typically faces a wide variety of threats. If you assume that every threat can and will attack every information asset, then the project scope becomes too complex. To make the process less unwieldy, each step in the threat identification and vulnerability identification processes is managed separately and then coordinated at the end. At every step, the manager is called on to exercise good judgment and draw on experience to make the process function smoothly.
The Information Technology Infrastructure Library (ITIL) is a collection of methods and practices primarily for __________.
managing the development and operation of IT infrastructures
Organizations are required by privacy laws to protect sensitive or personal employee information, including __________.
personally identifiable information (PII)
The steps in IR (Incident Response) are designed to:
stop the incident, mitigate incident effects, provide information for recovery from the incident
_____ penetration testing, also known as disclosure testing, is usually used when a specific system or network segment is suspect and the organization wants the pen tester to focus on a particular aspect of the target.
White box
Which type of IDPS works like antivirus software?
signature-based
What is the OCTAVE Method approach to risk management?
The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Method is an InfoSec risk evaluation methodology that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls. This process can enable an organization to measure itself against known or accepted good security practices and then establish an organization-wide protection strategy and InfoSec risk mitigation plan.
Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute?
COBIT
Which of the following terms is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program?
performance management
What is a responsibility of the crisis management team?
keeping the public informed about the event and the actions being taken
Which tool can best identify active computers on a network?
port scanner
What is an application that entices individuals who are illegally perusing the internal areas of a network by providing simulated rich content areas while the software notifies the administrator of the intrusion?
honey pot