Chapter 3 and 4 Questions and Answers
School: Indiana University, Purdue University, Indianapolis
Course: 45100
Subject: Information Systems
Date: Feb 20, 2024
Type: docx, 2 pages
Uploaded by AdmiralParrotPerson970
Chapter 3:
1. Compliance should be audited by an external organization annually per FISMA’s requirements for federal agencies to protect IT systems and data.
2. HIPAA applies to organizations that are handling health care information.
3. SOX is a law that can put CEOs and CFOs in jail if financial statements are inaccurate.
4. CIPA requires schools and libraries to limit offensive content on their computers.
5. Mandatory vacation is what employees in some countries are often required to take annually for at least five consecutive days. The purpose of this is to reduce fraud and embezzlement.
6. It is True that fiduciary refers to a relationship of trust.
7. Merchants that handle credit cards should follow the PCI DSS standard when implementing data security.
8. Special Publication 800-30 covers risk assessments.
9. Processes to manage IT resources best describes IT governance, which the COBIT framework refers to.
10. The COBIT standard is focused on maintaining a balance between benefits, risk, and asset use; it is based on five principles and comprises seven components.
11. The ISO 27002 Information Technology Security Techniques can verify that an organization meets certain requirements. Part 1 identifies objectives and controls, and part 2 is used for certification.
12. ISO 31000 Risk Management Principles and Guidelines provides generic guidance on risk management.
13. The GDPR law aims to protect the privacy of data for citizens in the EU and EEA.
14. In the CMMI, level 5 indicates the highest level of maturity.
15. DIACAP is a risk management process applied to IT systems. After a system has been accredited, it receives authority to operate.
Chapter 4:
1. Objectives, Scope, Recommendations, and POAM are valid contents of a risk management plan.
2. A list of threats, a list of vulnerabilities, costs associated with risks, and cost-benefit analysis should be included in the objectives of a risk management plan.
3. The scope of a risk management plan will define boundaries.
4. Scope creep can occur if the scope of a risk management plan is not defined.
5. A stakeholder is an individual or a group that has an interest in the project.
6. It is True that a key stakeholder should have the authority to make decisions about a project, including authority to provide additional resources.
7. A risk management plan project manager oversees the entire plan. The project manager is responsible for ensuring costs are controlled and ensuring the project stays on schedule.
8. A risk management plan includes steps to mitigate risks. Management is responsible for choosing what steps to implement.
9. A risk management plan includes a list of findings in a report. The findings identify threats and vulnerabilities. A cause-and-effect diagram can document some of the findings.
10. Causes, criteria, and effects should be included in the findings of the risk management report.
11. The CBA is a primary tool used to identify the financial significance of a mitigation tool.
12. It is True that a fishbone diagram can link causes with effects.
13. A fishbone diagram is also known as an Ishikawa diagram.
14. The NIST Risk Management Framework is a process that combines security and risk management as part of a systems development life cycle.
15. A POAM is used to track the progress of a project. A Gantt chart is commonly used to assist with tracking.