422 ◾ Appendix: Answers to Review Questions
© 2011 by Taylor & Francis Group, LLC
The correct answer is a. Governance identifies and enumerates all relevant security compliance requirements. These may include legislation, regulation, directives, instructions, contractual obligations, and good business practice. The planning function determines the appropriate steps to take to establish and maintain compliance. The results of planning will include a list of necessary policies, standards, procedures, and guidelines that convey expected behavior within the organization to establish and maintain compliance. Implementation takes the policies, standards, procedures, and guidelines and inserts them into enterprise daily activities. Deployment makes compliance part of daily operations throughout the enterprise.
The role of adjudication is to resolve these conflicts in the best interest of the stakeholders and the enterprise.
14. Which of the following is false about system hardening?
a. System hardening is the elimination of known vulnerabilities, exploits, and generally turning off or uninstalling unnecessary functions.
b. Each operating system, each version of the same operating system, and each patch release of the same operating system may have a different procedure for hardening the system.
c. Disabling unused services will require OS parameter changes at the kernel or registry level, or modifications to services that initiate or run at startup.
d. None of the above.
The correct answer is d. System hardening is the elimination of known vulnerabilities, exploits, and generally turning off or uninstalling unnecessary functions. Each operating system, each version of the same operating system, and each patch release of the same operating system may have a different procedure for hardening the system. Disabling unused services will require OS parameter changes at the kernel or registry level, or modifications to services that initiate or run at startup.
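The answer above names one concrete hardening step: reviewing and disabling services that start at boot. The following script is an added illustration of that step, not material from the book. It compares a host's enabled startup units against a role baseline and prints a read-only remediation plan. The unit names, the enabled list, and the baseline are all constructed sample data (the systemd unit names are assumed for a Linux host); on a live system the enabled list would be collected with `systemctl list-unit-files --state=enabled --no-legend`.

```shell
#!/bin/sh
# Added example (not from the book): compare the services enabled at startup
# against a hardening baseline and emit a dry-run remediation plan.
# Both lists below are constructed sample data; on a real systemd host the
# enabled list would come from:
#   systemctl list-unit-files --state=enabled --no-legend | awk '{print $1}'

# Constructed: units a host reports as enabled at boot.
ENABLED_SERVICES="sshd.service
cron.service
rsyslog.service
telnet.socket
cups.service
avahi-daemon.service"

# Constructed baseline (an assumption for this example): the only units this
# server role is permitted to start at boot.
BASELINE_ALLOWED="sshd.service
cron.service
rsyslog.service"

# Print each enabled unit that is absent from the baseline, one per line,
# preserving the order of the enabled list.
#   $1 = newline-separated enabled units, $2 = newline-separated allowed units
unexpected_services() {
    printf '%s\n' "$1" | while IFS= read -r unit; do
        [ -n "$unit" ] || continue
        # -F fixed string, -x whole line, -q quiet: exact membership test
        if ! printf '%s\n' "$2" | grep -Fxq -- "$unit"; then
            printf '%s\n' "$unit"
        fi
    done
}

# Number of deviations from the baseline (0 means the host matches it).
count_unexpected() {
    unexpected_services "$1" "$2" | wc -l | tr -d '[:space:]'
}

# Emit, without executing, the systemctl commands that would stop and disable
# each deviating unit. Printing rather than running keeps the check read-only;
# an operator reviews the plan before applying it.
remediation_plan() {
    unexpected_services "$1" "$2" | while IFS= read -r unit; do
        printf 'systemctl disable --now %s\n' "$unit"
    done
}

# Stand-alone report.
echo "Units enabled outside the baseline:"
unexpected_services "$ENABLED_SERVICES" "$BASELINE_ALLOWED"
echo "Deviations: $(count_unexpected "$ENABLED_SERVICES" "$BASELINE_ALLOWED")"
echo "Proposed remediation (dry run):"
remediation_plan "$ENABLED_SERVICES" "$BASELINE_ALLOWED"
```

The baseline is deliberately kept per server role, which reflects the point in option b: the approved set of startup services, like the hardening procedure itself, differs from one platform and release to the next, so the allow list is data the administrator maintains rather than something built into the check.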
15. What is the difference between legislative management and litigation management?
a. Litigation management is the use of lobby groups by senior management to establish working relationships with the local judiciary, and legislation management is the use of lobby groups with Congress to influence the content of security laws.
b. Legislative management attempts to avoid litigation, and litigation management intends to minimize the negative effects on an organization in the event of an incident.
c. Litigation management involves establishing working relationships between senior management, security personnel, and the enterprise legal