ITS 305 - Security Policies and Auditing
Review for Third Test
The following questions are provided to help you study for
the third test. Do not expect to see these exact questions on the test.
Questions about Chapter 12
- What is the text's definition of a security incident?
- If your organization has both, what is the difference between an IRT
and an SIRT?
- What is the difference between a security incident and a security
- What characteristic of a security incident automatically escalates
the incident to the highest status?
- What are two numeric concepts we might use to measure the scale of
- Which operational scope for an SIRT places it at the location of the
- Which operational scope for an SIRT is used in complex but small environments?
- Under what operational condition should we conduct a Business Impact
Analysis? How does a BIA affect incident response planning?
- When is an incident response procedure used? When do we use a business
- What is the purpose of a disaster recovery plan?
Questions about Chapters 13 and 14
- When we introduce a new policy, the text recommends that we sell
the idea to management with three parameters. What are they?
- How does the SMART acronym apply to writing a policy?
- Why is it likely that a trained, reliable, well-intentioned worker
might violate a new version of a policy? What do we do about that?
- What are some arguments from the text that support the use of computer
- Explain why a pilot group for a new policy can provide at least two
benefits to you.
- Why should we try to make sure that all levels of management will
buy in to a new policy?
- What is the purpose of governance committees? How are they usually
organized in an organization?
- What is an exception to the employer's right to monitor the contents
of email that courts have upheld?
- GLBA requires that we report instances of unauthorized access. Who
should we contact for guidance about when it is important enough to
- Does the text's suggestion about interpreting GLBA mean that we do
nothing about lower numbers of inappropriate access?
- Since we can use many automated policies about access, why should
we bother with the manual review policies noted in the text?
Questions about Chapter 15
- In terms of this chapter, what is the purpose of a security baseline?
- In the example of a baseline in the chapter, we see three common
changes to make on a Windows server. What are they?
- If an IDPS detects processor usage above that which is stored in
your baseline, why should that trigger an alert for an administrator,
as opposed to triggering an action by the IDPS?
- If your policy requires that you use image files for your workstations,
what kind of file is that likely to be?
- If you use one of the recommended Microsoft tools to push images to
workstations, which of the three in the text is it most likely to be?
- Which is likely to take less intervention from an administrator to
load software on a series of workstations, SCCM or Group Policy?
- What is the purpose of a digital signature, in the context of this
chapter? What technology does it require us to use in the example in
- What is the Symantec product that the text recommended for creating
image files? What would be an alternative?
- How does public key cryptography work?