Enterprise Security Management Practices ◾ 71
© 2011 by Taylor & Francis Group, LLC
8. Security boundary is important to establishing
a. Who will be doing the certification effort
b. Scoping the security effort
c. Determining which regulations and laws apply
d. If the system will need an Internet connection or not
9. The Implementation Phase of the System Development Life Cycle includes
a. Conducting an initial security test
b. Identifying security solutions
c. Determining if the security is acceptable to operate
d. Defining the system security requirements
10. The ISSMP’s job is to provide security support at the end of which phase in
the System Development Life Cycle?
a. Disposition and Disposal
b. Operation and Maintenance
c. Implementation
d. Initiation
11. Risk assessments are done in which phases of the System Development Life Cycle?
a. Initiation
b. Initiation and Implementation
c. Implementation and Disposition and Disposal
d. Initiation, Implementation, and Operations and Maintenance
12. Who sets the information security standards for the public sector?
a. National Security Agency (NSA)
b. International Organization for Standardization (ISO)
c. National Institute of Standards and Technology (NIST)
d. International Electrotechnical Commission (IEC)
13. Families of controls are identified in which of the following documents?
a. NIST Special Publication 800-53
b. ISO 27002
c. DODI-8500.2
d. All the above
14. The ISSMP decides between using quantitative and qualitative risk assessment based on
a. The budget process
b. Threats
c. Vulnerabilities
d. Management decision processes
15. Assurances are those activities that provide management with what about
security solutions?
a. Due diligence
b. Protection