Principles of Incident Response and
Disaster Recovery Chapter 1 with 64
verified solutions.
The vision of an organization is a written statement of an organization's purpose. -
ANSWER-False
____ ensures that only those with the rights and privileges to access information are
able to do so. - ANSWER-Confidentiality
A(n) ____ is any clearly identified attack on the organization's information assets that
would threaten the assets' confidentiality, integrity, or availability. - ANSWER-incident
A(n) ____ attack seeks to deny legitimate users access to services by either tying up a
server's available resources or causing it to shut down. - ANSWER-DoS
____ assigns a risk rating or score to each information asset. Although this number
does not mean anything in absolute terms, it is useful in gauging the relative risk to
each vulnerable information asset and facilitates the development of comparative
ratings later in the risk control process. - ANSWER-Risk Assessment
An asset can be logical, such as a Web site, information, or data; or an asset can be
physical, such as a person, computer system, or other tangible object. - ANSWER-True
Information assets have ____ when they are not exposed (while being stored,
processed, or transmitted) to corruption, damage, destruction, or other disruption of
their authentic states. - ANSWER-integrity
____ of risk is the choice to do nothing to protect an information asset and to accept the
outcome of its potential exploitation. - ANSWER-Acceptance
Information assets have ____ when authorized users - persons or computer systems -
are able to access them in the specified format without interference or obstruction. -
ANSWER-availability
A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset. -
ANSWER-threat
Intellectual property (IP) includes trade secrets, copyrights, trademarks, and patents. -
ANSWER-True
A ____ deals with the preparation for and recovery from a disaster, whether natural or
man-made. - ANSWER-disaster recovery plan
A(n) ____ is an investigation and assessment of the impact that various attacks can
have on the organization. - ANSWER-business impact analysis (BIA)
An enterprise information security policy (EISP) addresses specific areas of technology
and contains a statement on the organization's position on each specific area. -
ANSWER-False
____ (sometimes referred to as avoidance) is the risk control strategy that attempts to
prevent the exploitation of a vulnerability. - ANSWER-Defense
____ hack systems to conduct terrorist activities through network or Internet pathways. -
ANSWER-Cyberterrorists
____ is a risk control approach that attempts to shift the risk to other assets, other
processes, or other organizations. - ANSWER-Transference
____ is the process of moving an organization toward its vision. - ANSWER-Strategic
Planning
The term ____ refers to a broad category of electronic and human activities in which an
unauthorized individual gains access to the information an organization is trying to
protect. - ANSWER-trespass
The ____ illustrates the most critical characteristics of information and has been the
industry standard for computer security since the development of the mainframe. -
ANSWER-C.I.A. Triangle
A(n) ____ is used to anticipate, react to, and recover from events that threaten the
security of information and information assets in an organization; it is also used to
restore the organization to normal modes of business operations. - ANSWER-
contingency plan
____ is the risk control approach that attempts to reduce the impact caused by the
exploitation of a vulnerability through planning and preparation. - ANSWER-Mitigation