MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

1)

Which of the following is NOT a state in which informatio n exists?

1)

_______ A)

Transmitted

B) Stored

Processed

D) Factor ed 2 )

Why is it important to consistent ly enforce policy, and not "go easy on someone" ?

2)

_______ A)

Tl P hor o ega li ni c w i za etio ln f is am r or ee im opo f rta nt t th han eth e oin vdi evi r du aal' ls

es should never be broken

Playing favorites D)

creates resentment

It is easier to 3)

defend in court

Which of the following is LEAST likely to lead to employee s accepting and following policy?

3)

_______ A)

I ci S nes e t th e r ro k oug i dh n utrap cini u eng pr pog ora lm is

t from the organiz ation when develo ping policies

Consistently D)

enforce policies

Make policy 4)

compliance part of the job descriptions

Why is it important to prepare written policies?

4)

_______ A)

AartS of o pth t oe h l co e i rp p cor yat e i cu sltu re p

olicies can be commu nicated more easily

This helps to D)

ensure consistency

It is required by 5)

law

Why is it important for leadership to set a tone of complianc e with policy?

5)

_______ A)

Ms T ao h nm e ae y gof a eth r m e ew nor t st off aen r de ers

e the ones that write the policies

The rest of the D)

organization feels better about following the rules

It is part of their 6)

job

When should informatio n security policies, procedure s, standards , and guidelines be revisited?

6)

_______ A)

N A nnually wr eitt ven ean rd ; pu bli osh ned c, eth ey tm hus et ybe ad ahe r re ed to

As indicated in the policy D)

When dictated by 7)

change drivers

Which is the best way to foster acceptanc e of a new policy?

7)

_______ A)

H E tin ogs n l to s dex u pl r m e ai en it eit i s

detaile d enough that everyo ne will underst and it

Involve people in D)

policy development by conducting interviews

Give everyone a 8)

copy of the policy after it is written

Which is a two wall challenge ?

8)

_______ A)

W L eness, ici hes a and the eco c lack of nnfl k awaren ict o ess t wi f about w a the th oea w lack of ch a awaren pot r ess ohe lr

Screened-subnet D)

firewall

Requiring security badges at both doors to a room

9)

Which is the preferred approach to organizing informatio n security policies, procedure s, standards , and guidelines ?

9)

_______ A)

Kse C ne epa o standar eratm ds and pe b guideli fro i nes tm hth ee pr poc oed l ur i es c, yst an dda ord cs, uan m d egu nid t eli sne s

Combine policies D)

and procedures

Keep them all

separate

10)

Why do we need the GrahamLeachBliley Act (GLBA)?

10)

______ A)

Hns T banks emu h posses ast e s can l saf i be t egun identif hard f iable pri o and c vat r whole ae min r heaa regard elth t to any car i custo oe o mer r infon grm aati non i fro zm adis t clo i sur oe

Businesses need D)

expert advice to achieve and sustain compliance

It protects banks

from lawsuits due to a lack of fair treatment of employees

11)

What should be the conseque nces of informatio n security policy violations ?

11)

______ A)

I evo C ith the m cati o critical m on mity of eof minform dall e ation i use n the ar s policy t pri u was evile r writte ges a n to r t protec et w

Always up to, and D)

including, termination

Violations should

be cited in the person's annual performance review

12)

Leadershi p by setting the example, or "do as I do", is considere d:

12)

______ A)

S onl T tive oy h leader m be e ship eem mstyle, t plo o especi hyed s ally in i wh t relatio nen e n to ginfof inform rm f ation t ati e securit hon c y asec t urit y s poli hcie os uare l ne dw

The same as D)

"management by walking around"

Ineffective in a

high-tech company

13)

Why is it important to remind people about best practice informatio n security behaviors ?

13)

______ A)

I are R nforce t aw e their are mknowl etha i edge, nt n and s ma d help unage them r em r better eent s unders s is r tand wat e expect t chi i ations hng ethe ym

This approach is a mandatory requirement of information security policies D)

Reminders are the least expensive way to ensure compliance with policies

14)

Which is the worst that may happen if informatio n security policies are out of date, or address technologi es no longer used in the organizati on?

14)

______ A)

Eana T y may xge h incur eme e unnec c nt c essary uma o costs t y mto i bec p chang vom a e ee n them ups m et

People may not D)

know which policy applies

People may take

the policies less seriously, or dismiss them entirely

15)

Which is the best goal for a new policy?

15)

______ A)

Alect A mana c the p geme c cur p nt, uren r and r t o unders atec v tood t hnoe by elog d everyo l y b ne yenv y iro r nm eent f

Secure and protect assets from foreseeable harm, and provide flexibility for the unforeseen D)

Comply with

applicable government policy

16)

Which part of the U.S. Constituti on is analogous to the first approved version of a new informatio n security policy?

16)

______ A)

Articles

B) The

Torah

Amendments

D) The

Bill of

7)

In what way are the Torah and the U.S. Constituti on like informatio n security policies?

17)

______ A)

Te T hrol h ee e yof y gov s dern e eme r f nt v i in e nour a edail s y t live hs

rules to guide behavi or in suppor t of organi zation al goals

They include D)

business rules

They contain

articles and amendments

18)

What issue is addressed by both the Bible and corporate policies?

18)

______ A)

Wm S tealing i ay t ado hpt oco um t mo n c beh oavi m ors m and ocho nice s r tha ut l ma eke s the , ove rall pgro eup oles ps l sta eble

The behavior of D)

people in power

People tend to

forget things if they are not periodically reminded of their obligations

SHORT ANSWER. Write the word or phrase that best completes each statement or answers the question. 19)

An informatio n security ________ exists when users share account names and password s with each other.

19)

______ _______

20

An organizati on which does not enforce policy is said to have ________ policies.

20)

______ _______

21

The ________ are either elected or chosen to direct the affairs of a corporatio n, and are responsibl e for providing oversight of the informatio n security program.

21)

______ _______

22

According to HIPAA, private health care informatio n must remain protected from damage, misuse, and ________.

22)

______ _______

23

The U.S. Constituti on's ________ are the built-in framewor k that makes it possible to change the document , while still adhering to its original intent.

23)

______ _______

24

Match information security function each role with its responsibi lities to the right: I. Board of Directors A. Ensure that informatio n security controls are functionin g intended II. Informatio n Owner B. Approve written informatio n security policies III. Data Custodian C. Establish the controls that provide informatio n security IV. ISOD. Process and store informatio n V. Internal Auditor E. Administe r the

24)

______ _______ 25 )

Match the deal with another following terms to their meanings: I. Foreign Policy A. Policy adopted by society through legislative means to govern its people II. Law B. Civil or criminal; imposed for violations III. Policy Area C. A general topic, which relates to specific behavior and expectati ons IV. Penalty D. Standards for public and private education V. Education Policy E. Ways and means for one nation to

25)

______ _______

1 )

D 2)

A D 3 )4 )

C 5)

C 6)

D 7)

C 8)

B 9)

A 10)

B 11)

B 12)

B 13)

B 14)

D 15)

C 16)

A 17)

B 18)

A 19)

gap 20)

paper only 21)

Board of Directors 22)

disclo sure 23)

amen dments 24)

BCD EA 25)

EAC BD