A Security Program Document consists of the following:

a) Security Policies b) Procedures c) Standard d) Guidelines e) All

To avoid shelfware, electronic policies should be:

a) Brief b) Updated c) Relevant d) a and c e) b and d

The process of periodically reviewing the relevant policy documents consists of four basic steps:

a) Monitoring the plan b) Evaluating the implementation c) A and B d) None

The type of security policy that stresses a specific area of security focus, for example one that deals with information classification, is:

a) Organizational Policy b) Functional Policy c) System Specific Policy d) None

_____________ enables personnel working with data to know when it is sensitive.

a) Data Handling b) Data Labeling c) Data Disposing d) All

A COBIT framework that receives solutions and makes them usable by end users is:

a) COBIT Policy b) COBIT Detail c) COBIT Implementation d) Delivery and Support

Provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system (ISMS), and controls 11 areas of information security management:

a) NIST 800-53 b) ISO/IEC 27001:2005 c) COBIT d) All

_____________ is the method by which firms evaluate potential losses and take action to reduce or eliminate such threats.

a) Risk control b) Risk response c) Risk Incident d) All

These are the laws, regulations, policies, practices and guidelines that govern the overall requirements:

a) Technical Controls b) Physical Controls c) Administration Controls d) A and B

Examples of ________________ include firewalls, anti-virus software, authentication systems, intrusion detection systems, and file encryption, among others.

a) Technical Controls b) Physical Controls c) A and B d) None

Section Two: True or False

[1] ___________Web-based policies should each be no more than two online pages to get across as to what is expected.

[2] __________ Policy Document is your company's first defense in preparing for and mitigating a cyber-attack.

[3] ___________ The Acceptable Use Policy (AUP) often goes hand-in-hand with an organization's internet usage policy.

[4] ___________Each policy should be specific and action oriented, including Baselines to take around each topic.

[5] ___________ Policies published online should be limited in length to two to three pages.

[6] _________COBIT is a nationally accepted set of tools organized into a framework that executives can use to ensure their IT is helping them achieve their goals and objectives.

[7] __________ Sensitive information is confidential material that would cause damage or be prejudicial to national security if publicly available.

[8] __________ Effective policies have consistent sanction policies to enable action when the policies are not followed.

[9] __________ Technical jargon is acceptable both in technical documentation and in high-level security policies.

[10] _________ Policy should be written to be technology dependent, as the technology may change over time.

Section Three: Fill in the blank

[1] A special category of private information that is becoming increasingly important today is: _________________________________________.

[2] A security policy principle (control) suggestion that's often met with raised eyebrows is ______________________________________.

[3] The practice of security policies under which policies are oriented to communicate mostly to non-technical people is ________________________________________.

[4] ________________________ Implement Strong Access Control Measures (Logical and Physical Access, Need to Know)

[5] Information that is Secret material, which would cause "serious damage" to national security if it were publicly available, is _____________________________________.

[6] __________________________ bridges the gap between the business and IT.

[7] ________________________This domain includes the actual processing of data by application systems, often classified under application controls.

[8] _______________________ restore the system or process back to the state prior to a harmful event.

[9] The COBIT domain that addresses management's oversight of the organization's control process is _________________________________________.

[10] ______________________ are clearly the best, since they minimize the possibility of loss by preventing the event from occurring.
