Guide to Network Defense and Countermeasures, 2nd Edition, ISBN: 1418836796 Chapter 2, Page 74 Prof. Michael P. Harris ITSY 2430 Intrusion Detection Name: __________________ Chapter Review Questions, Chapter Quiz 02 Date: ________ Security Policy Design: Risk Analysis 1. Which of the following should be done before formulating a security policy? 2. Personnel records fit into which category of assets? 3. Survivable Network Analysis begins with what assumption? 4. Survivable Network Analysis looks for which of the following in a network? 5. What is an escalation procedure? (Choose all that apply.) 6. Name three factors that can increase the cost (beyond the actual sticker price) of replacing a piece of hardware that has been damaged or stolen. 7. List and describe the four steps of a Survivable Network Analysis in the order in which they should occur. Page 1 of 3 Guide to Network Defense and Countermeasures, 2nd Edition, ISBN: 1418836796 Chapter 2, Page 74 Prof. Michael P. Harris 8. The hardware and software you need to protect can be valued more easily by following what approach? 9. If an organization doesn’t have a full-fledged security staff on duty, what should it do? (Choose all that apply.) 10. When should an organization conduct a new round of risk analysis? 11. A risk analysis report should call attention to ___________. 12. __________________ is the term for the process of identifying, choosing, and setting up countermeasures justified by the risks you identify. 13. The ultimate goal of formulating a security policy is which of the following? 14. What are the hardware, software, and informational resources you need to protect called? 15. Equipment and buildings in the organization are called __________ assets. Page 2 of 3 Guide to Network Defense and Countermeasures, 2nd Edition, ISBN: 1418836796 Chapter 2, Page 74 Prof. Michael P. Harris 16. Which of the following risk factors are events and conditions that haven’t occurred but could happen? 17. Documents on network computers, e-mail messages, log files compiled by firewalls and IDSs, and confidential information on personnel, customers, and finances are considered what type of asset? 18. Ensuring that databases and other stores of information remain accessible if primary systems go offline is known as ___________. 19. The presence of one or more factors that increase threat probabilities increase your _____________. 20. The routers, cables, servers, and firewall hardware and software that enable employees to communicate with one another and other computers on the Internet are considered _______ assets. Page 3 of 3