CYB125 - Ch9

Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing?

Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?

Biyu is a network administrator. She is developing the compliance aspect of her company's security policy. Currently, she is focused on the records of actions that the organization's operating system or application software creates. What aspect of compliance is Biyu focusing on?

Which agreement type is typically less formal than other agreements and expresses areas of common interest?

Omar is an infrastructure security professional. After reviewing a set of professional ethics issued by his company, he is learning and adopting ethical boundaries in an attempt to demonstrate them to others. What is this called?

Mia is her company's network security professional. She is developing access policies based on personnel security principles. As part of this effort, she is devising a method of taking high-security tasks and splitting them among several different employees so that no one person is responsible for knowing and performing the entire task. What practice is she developing?

What is not a privacy principle created by the Organisation for Economic Co-operation and Development (OECD)?

Hajar is a network engineer. She is creating a system of access involving clearance and classification based on users and the objects they need in a secure network. She is restricting access to secure objects by users based on least privilege and which of the following?

What is the least likely goal of an information security awareness program?

Rodrigo has just received an email at work from an unknown person. The sender claims to have incriminating evidence against Rodrigo and threatens to release it to his employer and his family unless he discloses certain confidential information about his employer's company. Rodrigo does not know that several other people in the organization received the same email. What form of social engineering has occurred?