Aggregated risk can occur in homogenous systems where one threat vector can compromise many systems whether integrated or not.
B.
C.
D.
Tightly integrated systems are more susceptible to cascading risk because
the failure of one element causes a sequence of failures.
The system analyst would not be as closely involved in testing code chang
B.
System users, specifically the user acceptance testers, would be in the best position to note whether new exposures are introduced during the change management process.
C.
D.
The data security officer would not be involved in testing code changes.
A. A lack of proper procedures may well be the issue, but that is a failure of governance. Good governance would ensure that procedures are consistent with standards that meet policy intent. Procedures for configuration that meet standards for a particular security domain will be consistent.
B. Governance is the rules the organization operates by and the oversight to ensure compliance as well as feedback mechanisms that provide assurance that the rules are followed. A failure of one or more of those processes is likely to be the reason that system configurations are inconsistent.
C. Poor standards are also a sign of inadequate governance and likely to result
in poor consistency in configurations.
D. Insufficient training indicates that there are no requirements, they are not being met or the trainers are not competent in the subject matter, which is also a lack of effective governance resulting in a lack of oversight, clear requirements for training or a lack of suitable metrics.
A.
B.
C. Decoy files, often referred to as honeypots, are the best choice for diverting a hacker away from critical files and alerting security of the hacker's presence.
D. Screened subnets or demilitarized zones (DMZs) provide a middle ground between the trusted internal network and the external untrusted Internet but do no