Chapter 10 and 11 Questions & Answers

Indiana University–Purdue University Indianapolis, course 45100 (Information Systems). Uploaded Feb 20, 2024 by AdmiralParrotPerson970.

Chapter 10:

1. A _____ is used to identify the impact on an organization if a risk occurs.
A business impact analysis (BIA) is used to identify the impact on an organization if a risk occurs.

2. MAO is the minimal acceptable outage that a system or service can experience before its mission is affected.
a. True
b. False
b. False. MAO stands for maximum acceptable outage: the longest time a system or service can be down before its mission is affected.

3. An organization wants an agreement with a vendor for an expected level of performance for a service, including monetary penalties if the minimum uptime requirements are not met. What should you use?
a. MAO
b. BIA
c. SLA
d. IDS
c. A service level agreement (SLA) defines the expected level of performance and can include monetary penalties if minimum uptime requirements are not met.

4. What would be used to identify mission-critical systems?
a. Critical outage times
b. Critical business functions
c. PCI DSS review
d. Disaster recovery plan
b. Critical business functions are used to identify mission-critical systems: the systems that support those functions are the mission-critical ones.

5. What can an organization use to remind users of an AUP's contents?
a. Logon banners
b. Posters
c. Emails
d. All of the above
d. Logon banners, posters, and emails can all be used to remind users of an AUP's contents.

6. Organizations that violate GDPR rules may be fined _____ or _____ of their annual global turnover, whichever is greater.
Organizations that violate GDPR rules may be fined €20 million (roughly $22 million) or 4 percent of their annual global turnover, whichever is greater.

7. Which of the following strategies helps reduce security gaps even if a security control fails?
a. Access control implementation
b. Critical business factor analysis
c. Defense in depth
d. Business impact analysis
c. Defense in depth layers multiple controls so that a gap stays covered even if one control fails.

8. How much can an organization be fined in a year for HIPAA-related mistakes?
a. $100
b. $1,000
c. $25,000
d. $250,000
c. An organization can be fined up to $25,000 in a year for HIPAA-related mistakes. (This is the annual cap for identical violations in the original 1996 HIPAA statute; the 2009 HITECH Act later raised it to $1.5 million per year.)

9. What determines whether an organization is governed by FISMA?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
d. An organization is governed by FISMA if it is a federal agency.

10. What determines whether an organization is governed by HIPAA?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
b. An organization is governed by HIPAA if its employees handle health-related information.

11. What determines whether an organization is governed by SOX?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
a. An organization is governed by SOX if it is registered with the Securities and Exchange Commission.

12. What determines whether an organization is governed by CIPA?
a. Whether it is registered with the Securities and Exchange Commission
b. Whether its employees handle health-related information
c. Whether it receives E-Rate funding
d. Whether it is a federal agency
c. An organization (a school or library) is governed by CIPA if it receives E-Rate funding.

13. A CBA has been performed on a prospective control. The CBA indicates the cost of the control is about the same as the control's projected benefits. What should be done?
a. Identify the ROI
b. Purchase the control
c. Cancel the purchase of the control
d. Redo the CBA
a. When the cost of the control is about the same as its projected benefits, identify the return on investment (ROI) to decide whether the control is worthwhile.

14. Which of the following is a valid formula used to identify the projected benefits of a control?
a. Loss after control – Loss before control
b. Loss before control – Loss after control
c. Cost of control + Losses
d. Cost of control ½
b. Loss before control – Loss after control is the formula for the projected benefit of a control: the loss the control is expected to prevent.

15. A CBA can be used to justify the purchase of a control.
a. True
b. False
a. True. A CBA compares the cost of a control with its projected benefit; when the benefit exceeds the cost, the CBA justifies the purchase.

Chapter 11:

1. A(n) _____ countermeasure is one that has been approved and has a date for implementation.
A planned countermeasure is one that has been approved and has a date for implementation. (An in-place countermeasure is one that is already installed.)

2. A single risk can be mitigated by more than one countermeasure.
a. True
b. False
a. True. A single risk can be mitigated by more than one countermeasure.