ITS 3050 - Security Policies and Auditing

Review for Fourth Test

The following questions are provided to help you study for the fourth test. Do not expect to see these exact questions on the test.

  1. What are some of the reasons that cause people to be a major source of network security problems?

  2. In terms of social engineering, what is a pretext?

  3. What skills are needed for social engineering that are different from the skills required for more classic hacking?

  4. What are some common user behaviors that social engineers can exploit?

  5. What is privilege creep, and why would a network admin be concerned about it?

  6. What is a contingent ID, and when would it be used?

  7. Why should an acceptable use policy include or reference a non-compliance policy?

  8. What is the principle of least privilege? How does it differ from the principle of best fit?

  9. The authors do not suggest a countermeasure to being asked to bypass security by a higher-ranking executive. What should the technician do in that case?

  10. What are some features we would expect to find in baseline standards for workstations? Which devices would those policies not apply to?

  11. What are some examples of devices that LAN policies should apply to?

  12. What did the text suggest as two locations we might use in classifying documents?

  13. If we used a classification scheme that put all important data in one class, and there is only one other class, what should it be?

  14. In the National Security Classification scheme, what is sensitive but unclassified? What is the common theme in the three highest security levels?

  15. How is information classified in the scheme above automatically declassified?

  16. Who is allowed to ask for a mandatory declassification review?

  17. What is the text's definition of a security incident?

  18. If your organization has both, what is the difference between an IRT and an SIRT?

  19. What is the difference between a security incident and a security infraction?

  20. What characteristic of a security incident automatically escalates the incident to the highest status?

  21. What are two numeric concepts we might use to measure the scale of an incident?

  22. Which operational scope for an SIRT places it at the location of the incident? Why?

  23. Which operational scope for an SIRT is used in complex but small environments?

  24. Under what operational condition should we conduct a Business Impact Analysis? How does a BIA affect incident response planning?

  25. When is an incident response procedure used? When do we use a business continuity plan?

  26. What is the purpose of a disaster recovery plan?

  27. When we introduce a new policy, the text recommends that we sell the idea to management with three parameters. What are they?

  28. How does the SMART acronym apply to writing a policy?

  29. Why is it likely that a trained, reliable, well-intentioned worker might violate a new version of a policy? What do we do about that?

  30. What are some arguments from the text that support the use of computer-based training?

  31. Explain why a pilot group for a new policy can provide at least two benefits to you.

  32. Why should we try to make sure that all levels of management will buy in to a new policy?

  33. What is the purpose of governance committees? How are they usually organized in an organization?

  34. What is an exception to the employer's right to monitor the contents of email that courts have upheld?

  35. GLBA requires that we report instances of unauthorized access. Who should we contact for guidance about when it is important enough to report?

  36. Does the text's suggestion about interpreting GLBA mean that we do nothing about lower numbers of inappropriate access?

  37. Since we can use many automated policies about access, why should we bother with the manual review policies noted in the text?