
Midterm 1

True/False
Indicate whether the statement is true or false.

____ 1. The champion in a top-down approach to security implementation is usually a network administrator.

____ 2. The success of information security plans can be enhanced by using the processes of system analysis and
design.

____ 3. In the logical design and physical design phase of the security systems development life cycle, a manager
should use an established security model to guide the design process.

____ 4. A sequential system of activating an alert roster is quicker than a hierarchical system.

____ 5. To perform parallel testing, the operations of the business must be halted.

Modified True/False
Indicate whether the statement is true or false. If false, change the identified word or phrase to make the statement true.

____ 6. Policy, awareness, training, education, and technology are concepts vital for the protection of information.
_________________________

____ 7. The process of achieving objectives using a given set of resources is called management.
_________________________

____ 8. Some companies refer to operational planning as intermediate planning. _________________________

____ 9. The IRP is the component of contingency planning that focuses on restoring operations at the primary site.
_________________________

____ 10. A(n) champion is an executive who supports, promotes, and endorses the findings of the CP project.
_________________________

Multiple Choice
Identify the choice that best completes the statement or answers the question.

____ 11. The ____ community allocates resources to the other communities of interest.

____ 12. ____ of information ensures that only those with sufficient privileges and a demonstrated need may access
certain information.

____ 13. ____ occurs when a control provides proof that a user possesses the identity that he or she claims.

____ 14. Identification is typically performed by means of a(n) ____.


____ 15. A manager has informational, interpersonal, and ____ roles within the organization.

____ 16. ____ leaders are also known as “laid-back” leaders.

____ 17. The ____ explicitly declares the business of the organization and its intended areas of operations.

____ 18. Which of the following is true about mission statements?

____ 19. Vision statements are meant to be ____.

____ 20. Budgeting, resource allocation, and manpower are critical components of the ____ plan.

____ 21. A joint application development team can survive employee turnover by ____.

____ 22. At the end of the investigation phase of the security systems development life cycle (SecSDLC), a ____ analysis
is performed.

____ 23. The logical design of a system is said to be ____ independent.

____ 24. The ISO network management model covers five areas related to the administration and management of
networks. Which of the following is NOT one of these phases?

____ 25. The ____ phase of the ISO network management model involves assessing the appropriate level of utilization,
operations and function of computer-based technologies.

____ 26. Which of the following categories of threats describes an act of human error or failure?

____ 27. When an unauthorized individual gains access to information that an organization is trying to protect, the act is
categorized as a(n) ____.

____ 28. A(n) ____ damages or steals an organization’s information or physical asset.

____ 29. A(n) ____ is a technique or mechanism used to compromise a system.


____ 30. The ____ is responsible for the assessment, management, and implementation of securing the information in the
organization.

____ 31. ____ management is the administration of various components involved in the security program.

____ 32. Operations at the primary business site are reestablished by the ____ team.

____ 33. A document that contains contact information on the individuals to be notified in the event of an actual incident
is called a(n) ____.

____ 34. A(n) ____ determines the extent of the breach of confidentiality, integrity, and availability of information and
information assets.

____ 35. When dealing with an incident, the last action the IR team takes is to ____.

____ 36. Which of the following is a responsibility of the crisis management team?

____ 37. The BCP is most properly managed by the ____.

____ 38. Which of the following is true about a hot site?

____ 39. A ____ is a fully configured computer facility that needs only the latest data backups and the personnel to
function.

____ 40. Which of the following can be fully functional within minutes?

____ 41. No computer hardware or peripherals are provided in a ____.

____ 42. A warm site ____.

____ 43. ____ is the storage of duplicate online transaction data, along with the duplication of the databases at the remote
site on a redundant server.

____ 44. A(n) ____ is a detailed description of the activities that occur during an attack.

____ 45. ____ is a method of testing contingency plans in which each involved person works individually to simulate the
performance of each task.

Completion
Complete each statement.

46. The three levels of planning are strategic planning, tactical planning, and ____________________ planning.

47. The term ____________________ refers to the end result of a planning process.

48. Organizational ____________________ is the flow of information throughout the entire organization.

49. The overall process of preparing for unexpected events is called ____________________.

50. The four components of contingency planning are the ____________________, the incident response plan, the
disaster recovery plan, and the business continuity plan.
