True or False Questions
1. T F There is only one way to calculate economic value to justify investments in security measures. Answer: _____
2. T F A business continuity plan explains how an organization will maintain operational capabilities during an incident, while an incident response plan describes how the organization will handle the security incident itself. Answer: _____
3. T F Viruses infect hardware and executable files. Answer: _____
4. T F A fence register protects an operating system from a user, but does not protect the user from other users. Answer: _____
5. T F In conducting a risk analysis, it is often not possible to directly estimate the probability of an event. Answer: _____
6. T F A security policy that by default provides no access rights is an example of least privilege. Answer: _____
7. T F A security policy, no matter how well written, may need revision from time to time. Answer: _____
8. T F With unlimited resources and security controls, it is possible to reduce risk to zero. Answer: _____
9. T F A database management system with perfect user access controls would have no integrity vulnerability. Answer: _____
10. T F Since physical security is often managed under separate responsibility from information security, risk analysis for information security does not need to address physical security. Answer: _____