Saturday, June 11, 2011

COMPUTER CONTROL AUDITING AND SECURITY > TAKE ASSESSMENT: TEST 6 TOPIC 6

Question 1

The direct threat is the damage caused by the fire itself. The indirect threats are from heat, release of toxic fumes, water damage from fire suppression, and smoke damage.

Question 2

Prevention and mitigation measures for water threats must encompass the range of such threats. For plumbing leaks, the cost of relocating threatening lines is generally difficult to justify. With knowledge of the exact layout of water supply lines, measures can be taken to locate equipment sensibly. The location of all shutoff valves should be clearly visible or at least clearly documented, and responsible personnel should know the procedures to follow in case of emergency. To deal with both plumbing leaks and other sources of water, sensors are vital. Water sensors should be located on the floor of computer rooms, as well as under raised floors, and should cut off power automatically in the event of a flood.

Question 3

To deal with brief power interruptions, an uninterruptible power supply (UPS) should be employed for each piece of critical equipment. The UPS is a battery backup unit that can maintain power to processors, monitors, and other equipment for a period of minutes. UPS units can also function as surge protectors, power noise filters, and automatic shutdown devices when the battery runs low. For longer blackouts or brownouts, critical equipment should be connected to an emergency power source, such as a generator. For reliable service, a range of issues need to be addressed by management, including product selection, generator placement, personnel training, testing and maintenance schedules, and so forth.

Question 4

1. Improving employee behavior
2. Increasing the ability to hold employees accountable for their actions
3. Mitigating liability of the organization for an employee's behavior
4. Complying with regulations and contractual obligations

Question 5

An organizational security policy is a formal statement of the rules by which people that are given access to an organization's technology and information assets must abide.

Question 6

1. Significant employee work time may be consumed in non-work-related activities, such as surfing the Web, playing games on the Web, shopping on the Web, chatting on the Web, and sending and reading personal e-mail.
2. Significant computer and communications resources may be consumed by such non-work-related activity, compromising the mission that the IS resources are designed to support.
3. Excessive and casual use of the Internet and e-mail unnecessarily increases the risk of introduction of malicious software into the organization's IS environment.
4. The non-work-related employee activity could result in harm to other organizations or individuals outside the organization, thus creating a liability for the organization.
5. E-mail and the Internet may be used as tools of harassment by one employee against another.
6. Inappropriate online conduct by an employee may damage the reputation of the organization.