ISO27001 AND ISO27002 STANDARDS
AND RISK MANAGEMENT
Before we are able to start defining a security strategy, we must first know what we are protecting and what we are protecting it from. - ANSWER Risk Analysis
Risk Assessment
To achieve information security, a suitable set of controls needs to be implemented. What are they? - ANSWER Policies, procedures, organizational structures, and software and hardware functions.
All security controls and mechanisms are implemented to protect one or more of which security principles? - ANSWER Confidentiality (exclusivity), Integrity and Availability
What security principle ensures that a necessary level of secrecy is enforced at each element of data processing and prevents unauthorized disclosure? - ANSWER Confidentiality
Confidentiality can be achieved by? - ANSWER Encrypting data while at rest and during transit
Using network traffic padding
Implementing strict access controls and data classifications
Training and awareness of proper procedures
Some examples of Confidentiality measures are? - ANSWER Clear desk policy
Need-to-know basis
Strict access controls (physical and logical)
Separation of duties
Strict separation between environments
Logical access management
Encryption for data at rest (whole disk, database encryption)
Encryption for data in transit (IPsec, SSL, PPTP, SSH)
What is traffic padding? - ANSWER Producing a continuous random data stream of cipher text, making it harder for an attacker to distinguish between the true data flow and the padding.
What security principle refers to being correct or consistent with the intended state of information? - ANSWER Integrity
Some examples of Integrity measures are? - ANSWER Changes in data and systems are authorized
Auditing
Segregation of duties
Hashing (data integrity)
Configuration management (system integrity)
Change control (process integrity)
Access control (physical and logical)
Transmission CRC functions
What security principle refers to reliable and timely access to data and resources for authorized individuals? - ANSWER Availability
Some examples of Availability measures are? - ANSWER RAID
Clustering
Load balancing
Redundancy
Software and data backups
Disk shadowing
Co-location and off-site facilities
Roll-back functions
Fail-over configurations
The likelihood of a threat agent taking advantage of a vulnerability and the corresponding business impact is referred to as? - ANSWER Risk
An entity that takes advantage of or exploits a threat is called? - ANSWER A threat agent
The potential of an unwanted incident occurring that may result in harm to a system or organization. - ANSWER A threat