Reading CISSP Practice in full

3. Which of the following parties is usually not notified at all or is notified last when a computer security incident occurs?

a. System administrator

b. Legal counsel

c. Disaster recovery coordinator

d. Hardware and software vendors

3. b. The first part of a response mechanism is notification, whether automatic or manual. Besides technical staff, several other parties must be notified, depending on the nature and scope of the incident. Unfortunately, legal counsel is often not notified at all, or is notified last, because those handling the incident assume its involvement is not required.

4. An organization just had a computer security incident. Who generally reacts most negatively?

a. E-Partners

b. Suppliers

c. Investors

d. Trading partners

4. c. Investors will punish the organization that was subject to a computer security incident such as hacking. They have the most to lose, thereby negatively impacting the company’s valuation. The other parties do not have the same stake.

5. A computer security incident was detected. Which of the following is the best reaction strategy for management to adopt?

a. Protect and preserve

b. Protect and recover

c. Trap and prosecute

d. Pursue and proceed

5. b. If a computer site is vulnerable, management may favor the protect-and-recover reaction strategy because it increases the defenses available to the victim organization. This strategy can also restore normal service to the network's users as quickly as possible. Management can interfere with the intruder's activities, prevent further access, and begin damage assessment. This interference process may include shutting down the computer center, closing access to the network, and initiating recovery efforts. Law enforcement authorities and prosecutors favor the trap-and-prosecute strategy. It lets intruders continue their activities until the security administrator can identify the intruder. In the meantime, there could be system damage or data loss.


Domain 10

Physical and Environmental Security

Traditional Questions, Answers, and Explanations

1. Regarding physical security of cryptography, which modules are used the most in the production, implementation, and operation of encrypting routers?

a. Single-chip cryptographic modules

b. Multiple-chip standalone cryptographic modules

c. Software cryptographic modules

d. Hardware cryptographic modules

1. b. Multiple-chip standalone cryptographic modules are physical embodiments in which two or more integrated circuit (IC) chips are interconnected and the entire enclosure is physically protected. Examples of such implementations include encrypting routers and secure radios. Note that the physical security measures required of these modules vary with the security level at which the module is validated.
