Which of the following is the first step in the process of implementing training quizlet?

Chapter 5 of Management of Information Security, 3rd ed., Whitman and Mattord

Terms in this set (49)

Information security program

____ is the term used to describe the structure and organization of the effort that strives to contain the risks to the information assets of the organization.

Help Desk

____________________ personnel are the front line of incident response, as they may be able to diagnose and recognize an attack while handling calls from users having problems with their computers, the network, or Internet connections.

CISO

The ____ is primarily responsible for the assessment, management, and implementation of the program that secures the organization's information.

consultant

The information security ____ is typically an expert in some aspect of information security, who is brought in when the organization makes the decision to outsource one or more aspects of its security program.

Identify program scope, goals, and objectives
Identify training staff
Identify target audiences
Motivate management and employees
Administer the program
Maintain the program
Evaluate the program

List the steps of the seven-step methodology for implementing training.

False

The Computer Security Act of 1987 requires federal agencies to provide mandatory periodic training in computer security encryption and accepted computer practices to all employees involved with the management, use, or operation of their computer systems.

training

Security ____________________ involves providing members of the organization with detailed information and hands-on instruction to enable them to perform their duties securely.

may not be sufficiently responsive to the needs of all trainees

A disadvantage of offering training in a formal class is that it ____.

security awareness

The three elements of a SETA program are security education, security training, and ____________________.

11%

On average, the security budget of a medium-sized organization is ____ of the total IT budget.

False

Individuals who perform routine monitoring activities are called security technicians.

one person

The typical security staff in a small organization consists of ____.

poster

Keys to a good security ____________________ series include varying the content and keeping posters updated.

On-the-job training

Which of the following training methods uses a sink-or-swim approach?

security administrator

The responsibilities of the ____ are a combination of the responsibilities of a security technician and a security manager.

top computing executive or Chief Information Officer

In large organizations the information security department is often headed by the CISO who reports directly to the ____.

technology product

Advanced technical training can be selected or developed based on job category, job function, or ____.

definers

A study of information security positions found that positions can be classified into one of three types: ____________________ provide the policies, guidelines, and standards. They're the people who do the consulting and the risk assessment, who develop the product and technical architectures.

builders

A study of information security positions found that positions can be classified into one of three types: ____________________ are the real technical types, who create and install security solutions.

True

Effective training and awareness programs make employees accountable for their actions.

False

According to Charles Cresson Wood, "Reporting directly to top management is not advisable for the Information Security Department Manager [or CISO] because it impedes objectivity and the ability to perceive what's truly in the best interest of the organization as a whole, rather than what's in the best interest of a particular department."

False

Legal assessment for the implementation of the information security program is almost always done by the information security or IT departments.

True

A security technician is usually an entry-level position.

True

In informing and preparing employees for their role in information security, security awareness provides the "what", training provides the "how" and education provides the "why".

True

Security managers are accountable for the day-to-day operation of the information security program.

False

Threats from insiders are more likely in a small organization than in a large one.

technology product

The three methods for selecting or developing advanced technical training are by job category, by job function, and by ____________________.

reduce the incidence of accidental security breaches

The security education, training, and awareness (SETA) program is designed to ____ by/of members of the organization.

security awareness

A SETA program consists of three elements: security education, security training, and ____.

security training

Employee behavior that endangers the security of the organization's information can be modified through security awareness and ____________________.

CISO

Security managers commonly report to the ____.

security administrator

The security analyst is a specialized ____.

False

One of the most commonly implemented but least effective security methods is the security awareness program.

False

The professional agencies such as SANS, ISC2, ISSA and CSI offer industry training conferences and programs that are ideal for the average employee.

False

Security education involves providing members of the organization with detailed information and hands-on instruction to enable them to perform their duties securely.

identify program scope, goals, and objectives

Which of the following is the first step in the process of implementing training?

False

An organization's size is the variable that has the greatest influence on the structure of the organization's information security program.

information security

An organization's ____________________ program refers to the structure and organization of the effort that strives to contain the risks to the information assets of the organization.

True

In small organizations, security training and awareness is most commonly conducted on a one-on-one basis.

newsletter

A security ____________________ is the most cost-effective method of disseminating security information and news to employees.

True

Organizations with complex IT infrastructures are likely to require more information security support than those with less complex infrastructures.

True

To their advantage, some observers feel that small organizations avoid some threats precisely because of their small size.

True

A security trinket program is one of the most expensive security awareness programs.

True

A convenient time to conduct training for general users is during employee orientation.

A security technician

Which of the following would be responsible for configuring firewalls and IDSs, implementing security software, and diagnosing and troubleshooting problems?

GGG (guards, gates, and guns)

Security officers and investigators are part of the ____________________ aspect of security.

True

In large organizations, it is recommended to separate information security functions into four areas, including: non-technology business functions, IT functions, information security customer service functions and information security compliance enforcement functions.

True

The purpose of the CAEIAE program is to enhance security by building in-depth knowledge, by developing security-related skills and knowledge, by improving awareness of the need to protect system resources.

assessment

An organization carries out a risk ____________________ function to evaluate risks present in IT initiatives and/or systems.

What is the first step in a training design process?

Needs Assessment. The first step in developing a training program is to determine what the organization needs in terms of training. There are three levels of training needs assessment: organizational assessment, occupational (task) assessment, and individual assessment: Organizational assessment.

What is the purpose of security education training and awareness SETA quizlet?

The security education, training, and awareness (SETA) program is designed to reduce the incidence of external security attacks.

Which security functions are normally performed by IT groups outside the InfoSec area of management control?

Functions performed by IT groups outside of the information security area of management control, such as: Systems security administration. Network security administration. Centralized authentication.

What benefits do SETA programs offer in reducing accidental security breaches by members of the organization?

SETA is a program designed to help organizations mitigate the number of security breaches caused by human error. This is accomplished by making people aware of information security policies and able to apply them during their daily activities to help prevent security incidents.