TRUE/FALSE QUESTIONS: Assurance is the process of examining a computer product or system with respect to certain criteria. Problems with providing strong computer security involve only the design...


TRUE/FALSE QUESTIONS:



  1. Assurance is the process of examining a computer product or system with respect to certain criteria.

  2. Problems with providing strong computer security involve only the design phase.

  3. IT security management has evolved considerably over the last few decades due to the rise in risks to networked systems.

  4. To ensure that a suitable level of security is maintained, management must follow up the implementation with an evaluation of the effectiveness of the security controls.


MULTIPLE CHOICES QUESTIONS

  5. __________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

  A. Availability
  B. Privacy
  C. System Integrity
  D. Data Integrity

Answer


  6. Security classes are referred to as __________.

  A. security clearances
  B. security classifications
  C. security levels
  D. security properties


Answer


  7. __________ ensures that critical assets are sufficiently protected in a cost-effective manner.

  A. IT control
  B. IT security management


Answer


  8. The intent of the ________ is to provide a clear overview of how an organization’s IT infrastructure supports its overall business objectives.

  A. risk register
  B. corporate security policy
  C. vulnerability source
  D. threat assessment


Answer


  9. Which of the following supports the defense-in-depth strategy?

  A. Abstraction
  B. Data Hiding


Answer


  10. The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.

  A. Access
  B. Asset management
  C. Compliance
  D. Business continuity management


Answer


  11. Which of the following is not a security architecture framework?

  A. Sherwood Applied Business Security Architecture (SABSA)
  B. NIST Special Publication 800-53
  C. ISO 27001 & 27002
  D. Open Web Application Security Project (OWASP)


Answer


  12. Which security management framework is considered complementary to ISO 27001 & 27002?

  A. SABSA
  B. COBIT
  C. NIST Special Publication 800-53
  D. OWASP


Answer


  13. The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.

  A. asset management
  B. business continuity management
  C. information security incident management
  D. physical and environmental security


Answer


FILL-IN THE BLANK QUESTIONS

  14. A loss of _________ is the disruption of access to or use of information or an information system.

Answer

  15. A subject is said to have a security _________ of a given level.


Answer

  16. ISO details a model process for managing information security that comprises the following steps: plan, do, ________, and act.


Answer

  17. A _________ on an organization’s IT systems identifies areas needing treatment.


Answer: Risk Assessment


Answer Table

Section            Question   Answer
True/False         1
                   2
                   3
                   4
Multiple Choices   5
                   6
                   7
                   8
                   9
                   10
                   11
                   12
                   13
Short Answer       14
                   15
                   16
                   17



SHORT ANSWER QUESTIONS

  18. Consider a desktop publishing system used to produce documents for various organizations. Give an example in which system availability is the most important requirement. Please be very brief.


Answer:

  19. The necessity of the “no read up” rule for multilevel security is fairly obvious. What is the importance of the “no write down” rule?


Answer

  20. List and briefly define the five alternatives for treating identified risks.



Answer:


David answered on Dec 23 2021
137 Votes
TRUE/FALSE QUESTIONS:

1. Assurance is the process of examining a computer product or system with respect to certain criteria.

True

SQA processes provide assurance that the software products and processes in the project life cycle conform to their specified requirements by planning, enacting, and performing a set of activities to provide adequate confidence that quality is being built into the software. This means ensuring that the problem is clearly and adequately stated and that the solution’s requirements are properly defined and expressed. SQA seeks to maintain the quality throughout the development and maintenance of the product by the execution of a variety of activities at each stage, which can result in early identification of problems, an almost inevitable feature of any complex activity. The role of SQA with respect to process is to ensure that planned processes are appropriate and later implemented according to plan, and that relevant measurement processes are provided to the appropriate organization.

2. Problems with providing strong computer security involve only the design phase.

True

More Secure Software, under the heading “It’s not just the code,” highlights that many software security vulnerabilities are not coding issues at all but design issues. When one is exclusively focused on finding security issues in code, that person runs the risk of missing out on entire classes of vulnerabilities. Security issues in design and semantic flaws (ones that are not syntactic or code related), such as business logic flaws, cannot be detected in code and need to be inspected by performing threat models and abuse cases modeling during the design stage of the SDLC, to identify the threats to the software being built. It starts by identifying the security objectives of the software and profiles it. It breaks the software into physical and logical constructs, generating the software context that includes data flow diagrams and end-to-end deployment scenarios, identifying entry and exit points, protocols, components, identities, and services. Threat modeling is performed during the design stage so that necessary security controls (safeguards) can be developed during the development phase of the software.

3. IT security management has evolved considerably over the last few decades due to the rise in risks to networked systems.

True

Risk analysis drives the need for network security. For a while, information security was influenced to some extent by fear, uncertainty, and doubt. Examples of these influences included the fear of a new worm outbreak, the uncertainty of providing web services, or doubts that a particular leading-edge security technology would fail. But we realized that regardless of the security implications, business needs had to come first.

If your business cannot function because of security concerns, you have a problem. The security system design must accommodate the goals of the business, not hinder them. Therefore, risk management involves answering two key questions:

- What does the cost-benefit analysis of your security system tell you?
- How will the latest attack techniques play out in your network environment?

Dealing with Risk

There are actually four ways to deal with risk:

Reduce: This is where we IT managers evolve and it is the main focus of this book. We are responsible for mitigating the risks. Four activities contribute to...