Chapter 10 and 11 Questions & Answers

School: Indiana University, Purdue University, Indianapolis

*We aren’t endorsed by this school

Course: 45100
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 6
Uploaded by AdmiralParrotPerson970
Chapter 10:

1. A _____ is used to identify the impact on an organization if a risk occurs.
Answer: A business impact analysis (BIA) is used to identify the impact on an organization if a risk occurs.

2. MAO is the minimal acceptable outage that a system or service can experience before its mission is affected.
a. True
b. False
Answer: It is false that the MAO is the minimal acceptable outage that a system or service can experience before its mission is affected.

3. An organization wants to have an agreement with a vendor for an expected level of performance for a service that includes ensuring that monetary penalties are assessed if the minimum uptime requirements are not met. What should you use?
a. MAO
b. BIA
c. SLA
d. IDS
Answer: An organization that wants a vendor agreement for an expected level of service performance, including monetary penalties if minimum uptime requirements are not met, should use an SLA.

4. What would be used to identify mission-critical systems?
a. Critical outage times
b. Critical business functions
c. PCI DSS review
d. Disaster recovery plan
Answer: Critical business functions would be used to identify mission-critical systems.

5. What can an organization use to remind users of an AUP's contents?
a. Logon banners
b. Posters
c. Emails
d. All of the above
Answer: To remind users of an AUP's contents, an organization can use logon banners, posters, and emails.

6. Organizations that violate GDPR rules may be fined _____ or ______ of their annual global turnover, whichever is greater.
Answer: Organizations that violate GDPR rules may be fined $22 million or 4 percent of their annual global turnover, whichever is greater.

7. Which of the following strategies helps reduce security gaps even if a security control fails?
a. Access control implementation
b. Critical business factor analysis
c. Defense in depth
d. Business impact analysis
Answer: Defense in depth helps reduce security gaps even if a security control fails.

8. How much can an organization be fined in a year for HIPAA-related mistakes?
a. $100
b. $1,000
c. $25,000
d. $250,000
Answer: An organization can be fined up to $25,000 in a year for HIPAA-related mistakes.

9. What determines whether an organization is governed by FISMA?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
Answer: Whether it is a federal agency determines whether an organization is governed by FISMA.

10. What determines whether an organization is governed by HIPAA?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
Answer: Whether its employees handle health-related information determines whether an organization is governed by HIPAA.

11. What determines whether an organization is governed by SOX?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
Answer: Whether it is registered with the Securities and Exchange Commission determines whether an organization is governed by SOX.

12. What determines whether an organization is governed by CIPA?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
Answer: Whether it receives E-Rate funding determines whether an organization is governed by CIPA.

13. A CBA has been performed on a prospective control. The CBA indicates the cost of the control is about the same as the control's projected benefits. What should be done?
a. Identify the ROI
b. Purchase the control
c. Cancel the purchase of the control
d. Redo the CBA
Answer: When a CBA indicates that the cost of a prospective control is about the same as its projected benefits, what should be done is to identify the ROI.

14. Which of the following is a valid formula used to identify the projected benefits of a control?
a. Loss after control – Loss before control
b. Loss before control – Loss after control
c. Cost of control + Losses
d. Cost of control ½
Answer: Loss before control – Loss after control is a valid formula used to identify the projected benefits of a control.

15. A CBA can be used to justify the purchase of a control.
a. True
b. False
Answer: It is false that a CBA can be used to justify the purchase of a control.

Chapter 11:

1. A(n) _____ countermeasure is one that has been approved and has a date for implementation.
Answer: An in-place countermeasure is one that has been approved and has a date for implementation.

2. A single risk can be mitigated by more than one countermeasure.
a. True
b. False
Answer: It is true that a single risk can be mitigated by more than one countermeasure.
3. The formula for risk is Risk = ____
Answer: The formula for risk is Risk = Threat x Vulnerability.

4. What would an account management policy include?
a. Details on how to create accounts
b. Details on when accounts should be disabled
c. Password policy
d. A and B only
e. A, B, and C
Answer: An account management policy would include details on how to create accounts, details on when accounts should be disabled, and password policy (A, B, and C).

5. What could a password policy include?
a. Length of password
b. List of required passwords
c. User profiles
d. All of the above
Answer: A password policy could include the length of passwords.

6. The _____ plan will include details on how and when to implement approved countermeasures.
Answer: The mitigation plan will include details on how and when to implement approved countermeasures.

7. A countermeasure is being reviewed to be added to the mitigation plan. What costs should be considered?
a. Initial purchase costs
b. Facility costs
c. Installation costs
d. Training costs
e. All of the above
Answer: When a countermeasure is being reviewed for addition to the mitigation plan, the costs that should be considered are initial purchase costs, facility costs, installation costs, and training costs (all of the above).

8. Which of the following items are considered facility costs for the implementation of a countermeasure?
a. Installation and air-conditioning
b. Installation and training
c. Power and air-conditioning
d. Power and training
Answer: Power and air-conditioning are considered facility costs for the implementation of a countermeasure.

9. What's a reasonable amount of time for an account management policy to be completed and approved?
a. Twenty minutes
b. One day
c. One month
d. One year
Answer: A reasonable amount of time for an account management policy to be completed and approved is one month.

10. What can be used to determine the priority of countermeasures?
a. Cost-benefit analysis
b. Threat likelihood/impact matrix
c. Disaster recovery plan
d. Best guess method
Answer: A threat likelihood/impact matrix can be used to determine the priority of countermeasures.

11. A risk assessment was completed three months ago and has recently been approved. What should be done first to implement a mitigation plan?
a. Verify risk elements
b. Purchase countermeasures
c. Redo risk assessment
d. Redo the CBA
Answer: When a risk assessment completed three months ago has recently been approved, the first step in implementing a mitigation plan is to verify risk elements.

12. Two possible countermeasures are being evaluated to mitigate a risk, but management wants to purchase only one. What can be used to determine which countermeasure provides the better cost benefits?
a. Threat likelihood/impact matrix
b. Threat score
c. CBA
d. CIA
Answer: When two possible countermeasures are being evaluated to mitigate a risk and management wants to purchase only one, a CBA can be used to determine which countermeasure provides the better cost benefits.

13. A cost-benefit analysis is being performed to determine whether a countermeasure should be used. Which of the following formulas should be applied?
a. Loss before countermeasure – Loss after countermeasure
b. Loss after countermeasure – Loss before countermeasure
c. Projected benefits – Cost of countermeasure
d. Cost of countermeasure – Projected benefits
Answer: When a cost-benefit analysis is being performed to determine whether a countermeasure should be used, the formula Projected benefits – Cost of countermeasure should be applied.

14. Of the following items, what one(s) should be included in a cost-benefit analysis report?
a. Recommended countermeasure
b. Risk to be mitigated
c. Costs
d. Annual projected benefits
e. A and C only
f. A, B, C, and D
Answer: The recommended countermeasure, the risk to be mitigated, costs, and annual projected benefits (A, B, C, and D) should be included in a cost-benefit analysis report.

15. NIST 800-63 provides guidance on risk management strategies and policies.
a. True
b. False
Answer: It is false that NIST 800-63 provides guidance on risk management strategies and policies.