Author: Anonymous

In most organizations, it is impractical to forbid personal devices. However, these devices pose substantial security risks. Which of the following approaches gives the organization a high degree of control over the device’s security, but parsing the employee’s personal data from organization’s data can be problematic when the employee leaves?

True or False? Guidelines assist people in developing procedures or processes with best practices that other people have found useful.

True or False? RADIUS is an organizational model that focuses on the design, integration, security, distribution, and management of data across the enterprise.

True or False? A chain of custody for a user ID maintains a record of the ID when it is assigned, reassigned, or deleted.

True or False? Well-defined policies that govern user behavior ensure key risks are controlled in a consistent manner.

True or False? “Privilege creep” refers to individuals who retain access privileges within an organization based on their previous jobs within the organization.

In order for an IT security framework to meet information assurance needs, the framework needs to include policies for several areas. Which of the following is not one of the areas?

In general, WAN-specific standards identify specific security requirements for WAN devices. For example, the __________ explains the family of controls needed to secure the connection from the internal network to the WAN router, whereas the__________ identifies which controls are vital for use of web services provided by suppliers and external partnerships.

True or False? Operational risk results from negative publicity regarding an organization’s practices.

Within the User Domain of a typical IT infrastructure is a range of user types. Each type has specific and distinct access needs. Which of the following types of users are external to the organization, provide services to the organization, and are not directly managed by the organization?