2 cissp ® Official Study Guide Eighth Edition

What type of plan addresses the technical controls associated with alternate processing facilities, backups, and fault tolerance? A

Download 19,3 Mb.

Pdf ko'rish

bet	131/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 127 128 129 130 131 132 133 134 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Domain 1: Security and Risk Management
Chapter 4

18.
What type of plan addresses the technical controls associated with alternate processing
facilities, backups, and fault tolerance?
A.
Business continuity plan
B.
Business impact assessment
C.
Disaster recovery plan
D.
Vulnerability assessment
19.
What is the formula used to compute the single loss expectancy for a risk scenario?
A.
SLE = AV × EF
B.
SLE = RO × EF
C.
SLE = AV × ARO
D.
SLE = EF × ARO
20.
Of the individuals listed, who would provide the best endorsement for a business continuity
plan’s statement of importance?
A.
Vice president of business operations
B.
Chief information officer
C.
Chief executive officer
D.
Business continuity manager

Laws, Regulations,
and Compliance
The CISSP exam ToPICS CoveRed In
ThIS ChaPTeR InCLude:
✓
Domain 1: Security and Risk Management
■
1.3 Determine compliance requirements
■
1.3.1 Contractual, legal, industry standards, and
regulatory requirements
■
1.3.2 Privacy requirements
■
1.4 Understand legal and regulatory issues that pertain to
information security in a global context
■
1.4.1 Cyber crimes and data breaches
■
1.4.2 Licensing and intellectual property requirements
■
1.4.3 Import/export controls
■
1.4.4 Trans-border data flow
■
1.4.5 Privacy
Chapter
4

The world of compliance is a legal and regulatory jungle for
information technology (IT) and cybersecurity professionals.
National, state, and local governments have all passed over-
lapping laws regulating different components of cybersecurity in a patchwork manner. This
leads to an incredibly confusing landscape for security professionals who must reconcile the
laws of multiple jurisdictions. Things become even more complicated for multinational com-
panies, which must navigate the variations between international law as well.
Law enforcement agencies have tackled the issue of cybercrime with gusto in recent
years. The legislative branches of governments around the world have at least attempted to
address issues of cybercrime. Many law enforcement agencies have full-time, well-trained
computer crime investigators with advanced security training. Those who don’t usually
know where to turn when they require this sort of experience.
In this chapter, we’ll cover the various types of laws that deal with computer
security issues. We’ll examine the legal issues surrounding computer crime, privacy,
intellectual property, and a number of other related topics. We’ll also cover basic
investigative techniques, including the pros and cons of calling in assistance from law
enforcement.
Categories of Laws
Three main categories of laws play a role in our legal system. Each is used to cover a variety
of circumstances, and the penalties for violating laws in the different categories vary widely.
In the following sections, you’ll learn how criminal law, civil law, and administrative law
interact to form the complex web of our justice system.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 127 128 129 130 131 132 133 134 ... 881