SEC360 Week 8 Final Exam | with complete solution | graded A+

Note: The text in the right column are the post exam sample answers used to help you compare your answers with. 1 (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? Preventive, detective, and responsive Prohibitive, permissive, and mandatory Administrative, technical, and physical Management, technical, and operational Roles, responsibilities, and exemptions (Lecture Week 1, page 70 and Appendix C in the text) Controls are implemented using administrative, technical, and physical methods. 2 (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security. technologies, domains, families controls, families, domains domains, families, technologies principles, domains, families controls, domains, principles (Lecture, Chapter 3 in the text) There are many controls that are grouped into control families that fit into the 10 domains. 3 (TCO 2) What are the classes of security controls? Detection, prevention, and response Management, technical, and operational Administrative, technical, and physical Administrative, technical, and procedural You will also find controls arranged by class in standards documents, where these classes are called management, technical, and operational. (Lecture Week 1) 4 (TCO 3) Three of the most important jobs of security management are to ensure _____ are organized according to sensitivity, ensure that roles maintain _____, and to manage _____ because that is the enemy of security. assets, accountability, software assets, separation of duties, complexity software, separation of duties, complexity software, accountability, people people, separation of duties, technology Chapters 2, 3, and 4 in the text, lecture 5 (TCO 4) "There shall be a way for an individual to correct information in his or her records" is a clause that might be found in a _____. law code of ethics corporate policy fair information practices statement Any of the above (Chapter 7 in text, lecture) Similar statements are found in examples of each of these, although though for nonlegal, nonpolicy documents, many times "shall" is replaced by "will," "must be able to," or some other phrase.