
CISMP EXAM PREP (CHAPTER 3) EXAM QUESTIONS AND ANSWERS LATEST UPDATE GRADED A++

  • October 14, 2024
What are some security roles within an org?

Information Assurance Manager, Chief Information Security Officer (CISO)

What is a policy? What level of detail do policies contain? Are they mandatory?

A high-level statement of an org's values, goals and objectives and the approach to achieving them.

Policies do not contain specific information on how to meet the requirements, and they ARE mandatory.

An example of this would be a policy that states each user is responsible for managing their own password.

What is a standard? What level of detail do standards contain? Are they mandatory?

A standard is more descriptive than a policy. It states what needs to be done and provides consistency in controls that can be measured.

For example, it would state the minimum length of a password and whether it needs numbers/special characters.

Standards are mandatory.

What is a procedure? What level of detail do procedures contain? Are they mandatory?

A procedure is a set of working instructions which describe what, when, how and by whom something should be done. It is mandatory.

What is a guideline? What level of detail do guidelines contain? Are they mandatory?

Guidelines provide more brief proactive advice, direction and best practices. They are not mandatory.

What is the defence in depth principle?

This principle is that there are layers of security that build on one another.

What is the defence in breadth principle?

This is a recently coined phrase which is used to consider all connections to any networked system. Understanding the breadth of the network and its connectivity is crucial as the weakest link of the chain is where it will break.

What might you find in an end-user code of practice?

- Ensuring passwords/PINs are regularly changed

- Logging off PCs when left unattended

- Ensuring security incidents are reported

- Ensuring users only have access to systems and resources they need

- Locking away sensitive media and documentation when not in use.

Why are security audits used?
