Chapter 8
Chapter 9-10
Chapter 11
Chapter 12-13
Chapter 14-15
100
This refers to the level of risk acceptance of an organization.
What is risk appetite?
100
This domain's policy would include VPN.
What is remote access domain?
100
Labelling data is known as:
What is data classification?
100
An event that violates policy
What is an incident?
100
This committee would approve FTPs.
What is the external connection committee?
200
Individuals responsible for ensuring data quality
What are data stewards?
200
This policy framework element could include something like this: Unix minimum password => 8
What is a baseline?
200
The length of time to store or keep something.
What is a retention period?
200
An attack in which a server is bombarded with requests to cause an outage.
What is a Denial of Service (DOS)?
200
A free server product used to manage client patches and updates.
What is Windows Server Update Services (WSUS)?
300
The head of the information security function
What is a CISO (Chief Information Security Officer)?
300
A process or account used to grant temporary access.
What is a firecall ID?
300
Name one of two issues when classifying data.
What is data ownership or security controls?
300
The first step in incident response.
What is discovery?
300
Reporting a problem that isn't valid.
What is a false positive?
400
The second line of defense in risk management
What is an enterprise risk management program?
400
The acronym PPA stands for this.
What is Privileged Access Agreement?
400
The last stage of the data life cycle.
What is destruction?
400
What is the broadest issue encountered in implementing security policies?
What is culture?
400
The law that allows companies to monitor emails and web traffic of their employees.
What is the Electronic Communications Privacy Act (ECPA)?
500
This takes a broad focus on risk
What is enterprise risk management (ERM)?
500
Pretending to be from the IT department to steal credentials or information.
What is pretexting?
500
The first step in building a business continuity plan.
What is the business impact analysis (BIA)?
500
One of the first and most important things to do before trying to implement policy.
What is gaining executive support?
500
A network security device that acts as a decoy.
What is a honeypot?