Answer Key

APPENDIX A

  CHAPTER 1   Information Systems Security Policy Management

1. C   2. Standards   3. A   4. D and E   5. Procedure   6. D   7. C   8. Human   9. E   10. B   11. E

  CHAPTER 2   Business Drivers for Information Security Policies

1. C   2. A   3. A   4. Preventive   5. C   6. B   7. D   8. A   9. D   10. D   11. A   12. B   13. B   14. D   15. D

  CHAPTER 3   U.S. Compliance Laws and Information Security Policy Requirements

1. B   2. E   3. E   4. D   5. Cyberterrorism or cyberwarfare   6. B   7. CIPA   8. B   9. B   10. B   11. D   12. D

  CHAPTER 4   Business Challenges Within the Seven Domains of IT Responsibility

1. B   2. A   3. C   4. C   5. LAN-to-WAN Domain   6. A   7. Segmented network   8. A   9. B   10. B   11. D   12. B   13. C   14. B   15. C   16. Concentrators   17. C   18. IDs and Passwords

  CHAPTER 5   Information Security Policy Implementation Issues

1. E   2. B   3. Be in the background; precisely what is asked of them   4. The cost of business   5. B   6. A   7. C   8. A   9. A   10. B   11. Security policy   12. A   13. D   14. A   15. C   16. C

  CHAPTER 6   IT Security Policy Frameworks

1. F   2. A   3. A, B, and C   4. A   5. Policies   6. B   7. C   8. Dormant accounts   9. Confidentiality, integrity, availability, authorization, and nonrepudiation   10. B   11. G   12. B   13. B

  CHAPTER 7   How to Design, Organize, Implement, and Maintain IT Security Policies

1. A   2. D   3. A   4. D   5. C   6. B   7. B   8. C   9. Answers may include devices and processes used to control physical access; examples include fences, security guards, locked doors, motion detectors, and alarms   10. Lessons learned   11. Policy   12. Defense in depth   13. A   14. B   15. A and D

  CHAPTER 8   IT Security Policy Framework Approaches

1. A   2. C   3. D   4. E   5. A   6. B   7. B   8. B   9. B   10. Priorities or specialties   11. A   12. Expensive or burdensome   13. Social engineering   14. B

  CHAPTER 9   User Domain Policies

1. B   2. Firecall-ID   3. A   4. Auditor   5. B   6. B   7. Insider   8. B   9. B   10. Escalate   11. D   12. Service   13. B

  CHAPTER 10 IT Infrastructure Security Policies

1. D   2. B   3. D   4. A   5. D   6. E   7. B   8. B   9. Enterprise data management   10. Cohesive, coherent   11. A   12. B   13. B   14. B

  CHAPTER 11 Data Classification and Handling Policies and Risk Management Policies

1. C   2. B   3. E   4. E   5. A   6. B   7. Confidential   8. B   9. C   10. B   11. B   12. Risk exposure = Likelihood the event will occur × Impact if the event occurs   13. C   14. B

  CHAPTER 12 Incident Response Team (IRT) Policies

1. B   2. C   3. D   4. D   5. Severity   6. B   7. Incident is declared   8. A   9. B   10. D   11. B   12. D   13. Public relations   14. B   15. A   16. B

  CHAPTER 13 IT Security Policy Implementations

1. D   2. A   3. C   4. B   5. B   6. D   7. D   8. A   9. B   10. D   11. B   12. Motivations or needs   13. B   14. B   15. A

  CHAPTER 14 IT Security Policy Enforcement

1. B   2. Executive management   3. B   4. C   5. E   6. Security policies   7. B   8. B   9. D   10. B   11. A   12. E   13. B   14. D   15. Before, after   16. Appetite, tolerance

  CHAPTER 15 IT Policy Compliance Systems and Emerging Technologies

1. Baseline   2. B   3. B   4. Vulnerability window or security gap   5. D   6. A   7. D   8. A   9. B   10. A   11. C   12. B   13. Likelihood × Impact   14. C   15. A   16. Digital signature   17. B
