1. Business recovery strategy
2. Detailed plan development
3. Business impact analysis (BIA)
4. Testing and maintenance
1. False-acceptance rate (FAR)
2. Equal-error rate (EER)
3. False-rejection rate (FRR)
4. False-identification rate (FIR)
1. revocation and suspension of a subscriber's certificate.
2. generation and distribution of the CA public key.
3. establishing a link between the requesting entity and its public key.
4. issuing and distributing subscriber certificates.
1. Vendor access corresponds to the service level agreement (SLA).
2. User accounts are created with expiration dates and are based on services provided.
3. Administrator access is provided for a limited period.
4. User IDs are deleted when the work is completed.
4. Traffic analysis
1. The encryption is symmetric rather than asymmetric.
2. A long asymmetric encryption key is used.
3. The hash is encrypted rather than the message.
4. A secret key is used.
7. An organization provides information to its supply-chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?
1. A secure sockets layer (SSL) has been implemented for user authentication and remote administration of the firewall.
2. On the basis of changing requirements, firewall policies are updated.
3. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted.
4. The firewall is placed on top of the commercial operating system with all installation options.
8. An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses wireless transport layer security (WTLS) and secure socket layers (SSL) technology for protecting their customers payment information. The IS auditor should be MOST concerned, if a hacker:
1. compromised the wireless application protocol (WAP) gateway.
2. installed a sniffing program in front of the server.
3. stole a customer's PDA.
4. listened to the wireless transmission.
1. Availability of online network documentation
2. Support of terminal access to remote hosts
3. Handling file transfer between hosts and interuser communications
4. Performance management, audit and control
1. there is an integration of IS and business staffs within projects.
2. there is a clear definition of the IS mission and vision.
3. there is a strategic information technology planning methodology in place.
4. the plan correlates business objectives to IS goals and objectives.