Please answer the six questions
Complete each section of the worksheet using the textbooks and course materials provided in Week 2.
1. The set of laws, rules, directives, and practices that regulate how an organization manages, protects, and distributes controlled information is called _______.
2. The security concept that states every user should be responsible for his or her own actions is called _______.
3. The individual who is responsible for deciding on the access rights to the information for various personnel is called an _______.
4. Physical, technical, and administrative controls used to protect information systems are called _______.
5. The probability that a particular threat will exploit a particular vulnerability of an information system is called _______.
6. An event, process, activity, or substance that has an adverse effect on organizational assets is called a _______.
Federal Information Security Management Act (FISMA) of 2002 Terminology Matching
Match the terminology with the correct definition by inserting the corresponding letter in the answer column.
| Terminology | Answer | Definitions |
|---|---|---|
| 7. Authorize | | A. Information systems and internal information are grouped based on impact. |
| 8. Supplement | | B. The step where an initial set of security controls for the information system is chosen and tailored to obtain a starting point for the required controls. |
| 9. Monitor | | C. Assess the risk and local conditions, including the security requirements, specific threat information, and cost-benefit analysis, to increase or decrease the security controls. |
| 10. Categorize | | D. The step where the original and supplemental controls are put in writing. |
| 11. Document | | E. The original and supplemental controls are applied to the system. |
| 12. Select | | F. The security controls are evaluated to see if they are implemented correctly and are operating as intended. |
| 13. Assess | | G. An evaluation of risk to organizational operations, organizational assets, or individuals that leads to this action. |
| 14. Implement | | H. Requires checking and assessing the selected security controls in the information system on a continuous basis. |