The foundation of an information security program is:
Alignment with the goals and objectives of the organization
The core principles of an information security program are:
Confidentiality, Integrity and Availability
The key factor in a successful information security program is:
Senior Manag...
the core principles of an information security pro
the key factor in a successful information securit
a threat can be described as
Written for
CISM
All documents for this subject (267)
Seller
Follow
munyuabeatrice92
Content preview
The foundation of an information security program is:
Alignment with the goals and objectives of the organization
The core principles of an information security program are:
Confidentiality, Integrity and Availability
The key factor in a successful information security program is:
Senior Management support
A threat can be described as:
Any event or action that could cause harm to the organization
True/False: Threats can be either intentional or accidental
True
Personnel Security requires trained personnel to manage systems and
networks. When does personnel security begin?
Through pre-employment checks
Who plays the most important role in information security?
Upper management
The advantage of an IPS (intrusion prevention system) over an IDS
(intrusion detection system) is that:
The IPS can block suspicious activity in real time
True/False: Physical security is an important part of an Information
Security program
True
The Sherwood Applied Business Security Architecture (SABSA) is
primarily concerned with:
An enterprise=wide approach to security architecture
A centralized approach to security has the primary advantage of:
Uniform enforcement of security policies
The greatest advantage to a decentralized approach to security is:
More adjustable to local laws and requirements
A primary objective of an information security strategy is to:
Identify and protect information assets
The first step in an information security strategy is to:
Determine the desired state of security
Effective information security governance is based on:
implementing security policies and procedures
The use of a standard such as ISO27001 is useful to:
Ensure that all relevant security needs have been addressed
Three main factors in a business case are resource usage, regulatory
compliance and:
, Return on investment
What is a primary method for justifying investments in information
security?
development of a business case
Relationships with third parties may:
Require the organization to comply with the security standards of the
third party
True or False? The organization does not have to worry about the
impact of third party relationships on the security program
False
The role of an Information Systems Security Steering Committee is to:
Provide feedback from all areas of the organization
The most effective tool a security department has is:
A security awareness program
The role of Audit in relation to Information Security is:
The validate the effectiveness of the security program against
established metrics
Who should be responsible for development of a risk management
strategy?
The Security Manager
The security requirements of each member of the organization should
be documented in:
Their job descriptions
What could be the greatest challenge to implementing a new security
strategy?
Obtaining buy-in from employees
A disgruntled former employee is a:
Threat
A bug or software flaw is a:
Vulnerability
An audit log is an example of a:
Detective control
A compensating control is used:
When normal controls are not sufficient to mitigate the trick
Encryption is an example of a:
Countermeasure
The examination of risk factors would be an example of:
Risk analysis
True/False: The only real risk mitigation technique is based on
effective implementation of technical controls.
False
Should a risk assessment consider controls that are planned but not
yet implemented?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller munyuabeatrice92. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.49. You're not tied to anything after your purchase.
