Which of the following were actions the textbook listed as guides to managing IT security?
Work with users to make everyone more secure.
Avoid the risks.
Get mid-level management buy-in.
Evaluate your environment’s needs, exposures, and defenses.
Which of the following are categories you would be likely to see at a mid-year budget review?
Actual amount spent year to date
Actual amount spent for the month
Variance against budget (an over/under amount indicating how well you are doing compared to the expected amount based on your original budget)
Variance against last year (an over/under amount indicating if you are spending more or less for the same items as last year)
You should always try to get your server and storage environment on a single diagram.
What are the two things a control mechanism provides?
Audit trail and evidence
Appropriate checks and balances
Best effort and assurance
Policy and procedure
The goal of your audit should be to clearly determine the __ you are facing.
level of risk
degree of compliance
level of work
__ is a solution that allows users to authenticate once to the network and then have access to all applications and resources for which they have been granted permission, without having to enter additional IDs and passwords.
Where were some locations the textbook suggested as potentially good places for physical copies of infrastructure documentation to be located?
Cubicle walls of the help desk personnel
How many process areas does CMMI have?
What two things need to happen for a policy to help ensure that all employees (both IT and users) are aware of it and that it can be applied consistently?
It must be approved by both the auditors and compliance groups
The business unit and individual owners must be listed
It should be documented and posted
It should be tied to a regulation and indexed
What can be used to “trap” data to and from a particular device, or can be used to look for particular content?
A Packet Sniffer
Network Access Controls
A Packet Internet Groper
An IPS Appliance
A(n) __ is generally used to gather preliminary information about a vendor in order to see if they meet some basic requirements.
Which of the following are issues that IT should care about and standardize on?
The textbook referred to a 2011 Ponemon Institute survey. That survey indicated __ was the most common cause of a security breach.
In hard times, what are the things you should bring to management to show your leadership?
Adjust your priorities properly
Be willing to react quickly to decisions
Come to the table with ideas
What are the kinds of things a good inventory can help you discover?
One comforting thought with Information Security is that whether you are a virtual company or have a traditional office setting, your security priorities and concerns are the same.
__ is a technique for gathering confidential or privileged information by simply asking for it.
Which of the following are benefits of standardizing your technology?
Eases support burden
Requires fewer kinds of spares
Locks you into a smaller set of vendors
Makes it harder to detect shadow IT
Which of the following is not part of the IT Infrastructure Library?
The business perspective
Planning to implement service management
Which of the following was not identified as a common type of contact you would likely have with a vendor?
__ is usually defined as any data that can be used (either alone or with other data and sources) to identify a person.
Personal Health Information
Protected Health Information
Personally Identifiable Information
Personal Identity Information
What is the commonly used name for the Public Company Accounting Reform and Investor Protection Act of 2002?
SEC’s Rule 17a-4
Which of the following is not one of the common points for deciding to refresh technology?
The technology is no longer meeting your needs
The technology is holding up other IT projects
The technology presents risks to the environment
Vendor support is available, and not cost prohibitive
In general, with leasing situations, you make arrangements to purchase a piece of hardware, but the leasing company makes the actual purchase.
This is the practice of trying to get information from people by lying to them over the computer.
Match the terms to their descriptions.
A set of modifications to the operating system that is designed primarily to hide malicious activity.
Programs that appear to be legitimate, but in fact are malicious.
Self-contained programs that replicate themselves usually via the network or e-mail attachments.
Software that monitors a user’s activity, often to collect account numbers, passwords, etc.
Information regarding your company’s mobile equipment should include which of the following:
According to Financial Accounting Standards Board (FASB) Statement 13, a lease is considered a capital lease if it meets any one of the following criteria, except:
The lease term is equal to or greater than 75 percent of the estimated life of the leased property (e.g., the lease term is six years and the estimated life is eight years).
The lease transfers ownership of the property to the lessee by the end of the lease term.
The lease contains an option to purchase the leased property at a bargain price.
The present value of rental and other minimum lease payments equals or exceeds 90 percent of the fair value of the leased property regardless of any investment tax credit retained by the lessor.
Outsourcing includes all but which of the following?
The primary company can provide the service
The secondary company chooses not to provide the service
The primary company chooses not to provide the service
The secondary company can provide services in question
During difficult times, you should be looking at all but which of these areas:
Managing costs
Looking for opportunities to leverage IT for increased business value
Improving weak SLAs
Which of the following is not one of the common weaknesses found after a security assessment?
Weak Internal Controls on People
Which of the following is not usually found in a Wide Area Network schematic?
location of switches
Which organization is closely identified with the Control Objectives for Information and Related Technology framework?
This method of risk analysis generates an analysis of the risks facing an organization and is based on experience, judgment, and intuition.
The benefit of __ individual departments is that those departments become more cost conscious of their IT uses and requirements.
underestimating budgets by
budgeting everything at
charging expenses back to
overestimating budgets by
The textbook suggests that the IT department provide whatever the user asks for regarding ergonomic devices and anti-glare screens.
One of the contractual issues I stressed in the lecture that can cause a contract to be rejected by the legal team, even though the product is exactly what you need to purchase, was the:
Absence of an automatic renewal provision
The SLA is too generic
Choice of Law Provision
Limited Indemnity Clause
The textbook mentioned that __ of people never change their banking password.
Proof that you can provide to anyone who might ask (e.g., lawyers, regulators, auditors) that you are actually operating by the established policies is often considered __.
A hidden benefit of maintaining evidence
A hidden benefit of educating your employees
A hidden benefit of operational excellence
A hidden benefit of control mechanisms
If your project needs a new piece of hardware that costs $10,000 and has a 5 year depreciation span, the amount of the expense in the year following the purchase is __.