IS4680 Final Exam Questions

Question: I am the framework used to stay in compliance with SOX 404.
Answer: COBIT

Question: The difference between an assessment and an audit is that the assessment finds blame where an audit does not. True or False?
Answer: False

Question: This regulation ensures that organizations have sound information security practices and a framework for effective information security resources that support federal operations, data, and infrastructure.
Answer: Federal Information Security Management Act (FISMA)

Question: Regulatory compliance benefits organizations, consumers, and this group of people.
Answer: Shareholders

Question: ‘Confidentiality’ is defined as this in the DoD requirement for IA.
Answer: What is “ensuring that information is not disclosed to unauthorized sources”

Question: Organizations perform this to identify anything that is missing.
Answer: What is a gap analysis

Question: The Financial Privacy Rule is found in this act.
Answer: What is GLBA

Question: COSO stands for this.
Answer: Committee of Sponsoring Organizations

Question: An AUP is used primarily in this domain.
Answer: User Domain

Question: This is the end user’s operating environment.
Answer: Workstation Domain

Question: Reasons to expand the scope from the initial interviews can vary, but common examples include the lack of controls, the override of controls, and the __________.
Answer: Fraudulent Activity

Question: Applying controls is a direct result of the risk assessment process combined with an analysis of the tradeoffs, and it is a tradeoff against this.
Answer: Operational Impact

Question: Analyzing the potential threats requires the identification of all possible threats first; that identification step is known as this.
Answer: Threat Identification

Question: Controls are classified as ______________, ______________, and ________________.
Answer: Preventive, Detective, and Corrective

Question: These are the three IT security controls covered by the National...

