ITS 305 - Security Policies and Auditing

Review for Third Test

The following questions are provided to help you study for the third test. Do not expect to see these exact questions on the test.

Questions about Chapter 12

  1. What is the text's definition of a security incident?

  2. If your organization has both, what is the difference between an IRT and an SIRT?

  3. What is the difference between a security incident and a security infraction?

  4. What characteristic of a security incident automatically escalates the incident to the highest status?

  5. What are two numeric concepts we might use to measure the scale of an incident?

  6. Which operational scope for an SIRT places it at the location of the incident? Why?

  7. Which operational scope for an SIRT is used in complex but small environments?

  8. Under what operational condition should we conduct a Business Impact Analysis? How does a BIA affect incident response planning?

  9. When is an incident response procedure used? When do we use a business continuity plan?

  10. What is the purpose of a disaster recovery plan?

Questions about Chapters 13 and 14

  11. When we introduce a new policy, the text recommends that we sell the idea to management with three parameters. What are they?

  12. How does the SMART acronym apply to writing a policy?

  13. Why is it likely that a trained, reliable, well-intentioned worker might violate a new version of a policy? What do we do about that?

  14. What are some arguments from the text that support the use of computer-based training?

  15. Explain why a pilot group for a new policy can provide at least two benefits to you.

  16. Why should we try to make sure that all levels of management will buy in to a new policy?

  17. What is the purpose of governance committees? How are they usually organized in an organization?

  18. What is an exception to the employer's right to monitor the contents of email that courts have upheld?

  19. GLBA requires that we report instances of unauthorized access. Who should we contact for guidance about when it is important enough to report?

  20. Does the text's suggestion about interpreting GLBA mean that we do nothing about lower numbers of inappropriate access?

  21. Since we can use many automated policies about access, why should we bother with the manual review policies noted in the text?

Questions about Chapter 15

  22. In terms of this chapter, what is the purpose of a security baseline?

  23. In the example of a baseline in the chapter, we see three common changes to make on a Windows server. What are they?

  24. If an IDPS detects processor usage above the level stored in your baseline, why should that trigger an alert for an administrator, as opposed to triggering an action by the IDPS?

  25. If your policy requires that you use image files for your workstations, what kind of file is that likely to be?

  26. If you use one of the recommended Microsoft tools to push images to workstations, which of the three in the text is it most likely to be?

  27. Which is likely to take less intervention from an administrator to load software on a series of workstations, SCCM or Group Policy?

  28. What is the purpose of a digital signature, in the context of this chapter? What technology does it require us to use in the example in the text?

  29. What is the Symantec product that the text recommended for creating image files? What would be an alternative?

  30. How does public key cryptography work?