ISOL 533Midterm_1.

ISOL 533 / ISOL533 - SECURITY AND RISK MANAGEMENT. COMBINED REVIEW TEST SUBMISSION: MIDTERM EXAM - 1 Review Test Submission: Mid-Term Exam • Question 1 What is the area that is inside the firewall? • Question 2 What are often the weakest links in IT security? Risk is the practice of identifying, assessing, controlling, and mitigating risks. Companies use risk management techniques to differentiate from ? What are the elements of the security triad? What is the primary reason to avoid risk? What is NOT a step in risk management? What is NOT an example of an intangible value? What is the best example of warez? IDS stands for . damage for the sake of doing damage, and they often choose targets of opportunity. A(n) is a computer joined to a botnet. What is NOT an example of unintentional threat? What is the most commonly seen attack? Identify the acronym that does NOT refer to an initiative taken by the government to help companies manage IT risks. What is a security policy? When does a threat/vulnerability pair occur? When risk is reduced to an acceptable level, the remaining risk is referred to as . What can you control about threat/vulnerability pairs? When your bank or credit card company sends you a notification of changes in how it collects or shares data, it is sending that notification in compliance with . When companies are expected to adhere to the laws that they are affected by, this is commonly known as . What is NOT one of the three primary bureaus of the FTC? What is the relevance of state AGs to IT issues? What is the function of job rotation? When the FTC was created in 1914, its primary goal was to . HIPAA requires that your insurance company sets standards for the protection of your data and the systems that handle that data’s . What is the relationship between Enron and SOX? What are the six principles of PCI DSS? CIPA is . At what point should you describe the procedures and schedules for accomplishment? Costs for solutions are often . 0.25 out of 0.25 points Choose the most accurate statement with respect to creating a risk management plan. 0.25 out of 0.25 points What information should you include in your report for management when you present your recommendations? POAM stands for . After you collect data on risks and recommendations, you include that information in a report, and you give that report to management. Why do you do this? All of the following terms have the same meaning EXCEPT: A risk management PM is also sometimes called a(n) . What is the purpose of a POAM? What are the four major categories of reporting requirements? What is the Delphi Method? What is NOT a benefit of a qualitative RA? What are the two primary methods used to create a risk assessment? All of the following are major components of RAs, EXCEPT: What is NOT a benefit of a quantitative RA? A (n) is a common type of attack on Internet-facing servers.