Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

ISC2 Exam CSSLP Topic 3 Question 98 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 98
Topic #: 3
[All CSSLP Questions]

A security policy is an overall general statement produced by senior management that dictates what role security plays within the

organization. Which of the following are required to be addressed in a well designed policy?

Each correct answer represents a part of the solution. Choose all that apply.

Show Suggested Answer Hide Answer
Suggested Answer: D

The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act

of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. The

act requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the

information and information systems that support the operations and assets of the agency, including those provided or managed by another

agency, contractor, or other source.

FISMA has brought attention within the federal government to cybersecurity and explicitly emphasized a 'risk-based policy for cost-effective

security'. FISMA requires agency program officials, chief information officers, and Inspectors Generals (IGs) to conduct annual reviews of the

agency's information security program and report the results to Office of Management and Budget (OMB). OMB uses this data to assist in its

oversight responsibilities and to prepare this annual report to Congress on agency compliance with the act.

Answer B is incorrect. The Lanham Act is a piece of legislation that contains the federal statutes of trademark law in the United States.

The Act prohibits a number of activities, including trademark infringement, trademark dilution, and false advertising. It is also called Lanham

Trademark Act.

Answer A is incorrect. The Computer Misuse Act 1990 is an act of the UK Parliament which states the following statement:

Unauthorized access to the computer material is punishable by 6 months imprisonment or a fine 'not exceeding level 5 on the standard

scale' (currently 5000).

Unauthorized access with the intent to commit or facilitate commission of further offences is punishable by 6 months/maximum fine on

summary conviction or 5 years/fine on indictment.

Unauthorized modification of computer material is subject to the same sentences as section 2 offences.

Answer C is incorrect. The Computer Fraud and Abuse Act is a law passed by the United States Congress in 1984 intended to reduce

cracking of computer systems and to address federal computer-related offenses. The Computer Fraud and Abuse Act (codified as 18 U.S.C.

1030) governs cases with a compelling federal interest, where computers of the federal government or certain financial institutions are

involved, where the crime itself is interstate in nature, or computers used in interstate and foreign commerce. It was amended in 1986, 1994,

1996, in 2001 by the USA PATRIOT Act, and in 2008 by the Identity Theft Enforcement and Restitution Act. Section (b) of the act punishes

anyone who not just commits or attempts to commit an offense under the Computer Fraud and Abuse Act but also those who conspire to do

so.


Contribute your Thoughts:

Tien
17 hours ago
Haha, C? Really? I can just see the policy now: 'All employees must be on the lookout for the nefarious Mr. X and his dastardly plans.' A, D, and maybe B are the way to go, for sure.
upvoted 0 times
...
Margarita
2 days ago
Come on, C? Who cares who's expected to exploit the vulnerability? That's just asking for trouble. A, D, and maybe B are the way to go.
upvoted 0 times
...
Nikita
14 days ago
I believe C should also be addressed in a security policy, as understanding who may exploit vulnerabilities is important for mitigation strategies.
upvoted 0 times
...
Leigha
15 days ago
I agree, A and D are essential. But I also think B is important - you need to understand the risks and vulnerabilities you're trying to address.
upvoted 0 times
...
Kanisha
16 days ago
A and D are definitely part of a well-designed security policy. You need to know what assets are being protected and who is responsible for following the policy.
upvoted 0 times
...
Marylin
18 days ago
I agree with you, Jenifer. Those aspects are crucial for a comprehensive security policy.
upvoted 0 times
...
Jenifer
23 days ago
I think A, B, and D are required in a well designed security policy.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77