CIS 502 Midterm Set 2 CIS 502 Midterm Set 2 | Page 2

• 6 A qualitative risk assessment is used to identify: • 7 An employee with a previous criminal history was terminated. The former employee leaked several sensitive documents to the news media. To prevent this, the organization should have: • 8 CIA is known as: • 9 The options for risk treatment are: • 10 The statement, “Information systems should be configured to require strong passwords”, is an example of a/an: • 11 An organization has a strong, management-driven model of security related activities such as policy, risk management, standards, and processes. This model is better known as: • 12 An organization wishes to purchase an application, and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics? • 13 The statement, “Promote professionalism among information system security practitioners through the provisioning of professional certification and training.” is an example of a/an: • 14One disadvantage of the use of digital certificates as a means for two-factor authentication is NOT: