Question

During the assessment of a new system, the System Owner (SO) mentioned that if unauthorized modification or destruction of medical information in the system occurred, it could result in potential loss of life because the system is the authoritative source of information about patient healthcare records including current and previous medications and ongoing medical procedures.

Which of the following is the BEST Security Categorization (SC) for the information type?

  1. SC medical information = (confidentiality, MODERATE), (integrity, LOW), (availability, LOW)
  2. SC medical information = (confidentiality, MODERATE), (integrity, MODERATE), (availability, MODERATE)
  3. SC medical information = (confidentiality, MODERATE), (integrity, HIGH), (availability, HIGH)
  4. SC medical information = (confidentiality, MODERATE), (integrity, MODERATE), (availability, HIGH)

One of the PRIMARY goals in conducting analysis of the test results from a scan during the Security Control Assessment (SCA) is to

  1. Identify false negative findings
  2. Categorize vulnerabilities
  3. Determine threats to the system
  4. Validate the system boundaries
Answer #1

Which of the following is the BEST Security Categorization (SC) for the information type?

  1. SC medical information = (confidentiality, MODERATE), (integrity, LOW), (availability, LOW)
  2. SC medical information = (confidentiality, MODERATE), (integrity, MODERATE), (availability, MODERATE)
  3. SC medical information = (confidentiality, MODERATE), (integrity, HIGH), (availability, HIGH)
  4. SC medical information = (confidentiality, MODERATE), (integrity, MODERATE), (availability, HIGH)

Answer:------------
3. SC medical information = (confidentiality, MODERATE), (integrity, HIGH), (availability, HIGH)

One of the PRIMARY goals in conducting analysis of the test results from a scan during the Security Control Assessment (SCA) is to

  1. Identify false negative findings
  2. Categorize vulnerabilities
  3. Determine threats to the system
  4. Validate the system boundaries

Answer:------------
Identify false negative findings
