NNIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans.

The bottom-up approach to information security has a higher probability of success than the top-down approach.

The ____ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.

ISO/IEC 17799 is more useful than any other information security management approach.

____ often function as standards or procedures to be used when configuring or maintaining systems.

A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.

Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.

Technical controls guide the development of education, training, and awareness programs for users, administrators, and management.

Using a methodology increases the probability of success.

The ____ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.