Blog

True or False? A procedure document is a policy document that explains core security control requirements.

__________ is designed to eliminate as many security risks as possible. It limits access credentials to the minimum required to conduct any activity and ensures that access is authenticated to particular individuals.

In most organizations, it is impractical to forbid personal devices. However, these devices pose substantial security risks. Which of the following approaches gives the organization a high degree of control over the device’s security, but parsing the employee’s personal data from organization’s data can be problematic when the employee leaves?

True or False? Guidelines assist people in developing procedures or processes with best practices that other people have found useful.

True or False? RADIUS is an organizational model that focuses on the design, integration, security, distribution, and management of data across the enterprise.

True or False? A chain of custody for a user ID maintains a record of the ID when it is assigned, reassigned, or deleted.

True or False? Well-defined policies that govern user behavior ensure key risks are controlled in a consistent manner.

True or False? “Privilege creep” refers to individuals who retain access privileges within an organization based on their previous jobs within the organization.

In order for an IT security framework to meet information assurance needs, the framework needs to include policies for several areas. Which of the following is not one of the areas?

In general, WAN-specific standards identify specific security requirements for WAN devices. For example, the __________ explains the family of controls needed to secure the connection from the internal network to the WAN router, whereas the__________ identifies which controls are vital for use of web services provided by suppliers and external partnerships.