. What elements are components of an information system?
a) Hardware and software
b) Interconnected systems
c) People
d) All of the above - ANSWER Correct answer: d) All of the above
OMB Circular A-130, App ill: "A system normally includes hardware, software, information, data, applications, c...
FITSP-A Module 3 Questions &
ANSWERS!!
1. What elements are components of an information system?
a) Hardware and software
b) Interconnected systems
c) People
d) All of the above - ANSWER Correct answer: d) All of the above
OMB Circular A-130, App ill: "A system normally includes hardware, software, information, data,
applications, communications, and people.'
Incorrect answers: The individual choices alone do not constitute a system. Information systems must be
considered in a holistic manner.
2. What are some of the threats that the information system faces?
a) Environmental disruptions
b) Human errors
c) Cyber-attacks
d) All of the above - ANSWER Correct answer: d) All of the above
NIST SP 800-39r1, p. 1: "Threats to information and information systems can include purposeful attacks,
environmental disruptions, and human/machine errors and result in great harm to the national and
economic security interests of the United States.
Incorrect answers: The individual choices alone do not cover all the threats that must be considered in
protecting systems
SDLC - ANSWER System Development Life Cycle
The five phases, as described in SP 800-64 are Initiation,
Development/Acquisition, Implementation, Operations/Maintenance, and Disposal.
( I D/A I O/M D )
, 3. During what phase of the SDLC should the organization consider the security requirements (mark all
that apply)?
a) Initiation Phase / Development / Acquisition Phase
b) Implementation Phase
c) Operation / Maintenance Phase
NIST SP 800-39, Appendix D defines roles and responsibilities of information security personnel.
Paragraphs D.5 & D.6 state that the SISO and AO have inherent U.S. Government authority and so must
be assigned to government personnel.
Incorrect answers: The other two positions are also addressed in SP 800-39, but do not have inherent
U.S. Government authority.
8. Place the 4 components of risk management in the correct order.
NIST SP 800-39, Paragraph 2.1 states: "Risk management is a comprehensive process that requires
organizations to: (i) frame risk (i.e., establish the context for risk-based decisions); (ii) assess risk; (iii)
respond to risk once determined; and (iv) monitor risk on an ongoing basis using effective organizational
communications and a feedback loop for continuous improvement in the risk-related activities of
organizations."
Incorrect answers: Other orders are incorrect based on SP 800-39.
9. The following are the possible outcomes of the Authorization Decision (mark all that apply):
a) Authorization to Operate
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller shantelleG. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $13.49. You're not tied to anything after your purchase.
