ISO27001 AND ISO27002 STANDARDS AND RISK MANAGEMENT

 9 views  0 purchase
  • Course
  • ISO27001 AND ISO27002 STARDARDS AND RISK
  • Institution
  • ISO27001 AND ISO27002 STARDARDS AND RISK

ISO27001 AND ISO27002 STARDARDS AND RISK MANAGEMENT...

Preview 2 out of 7  pages

  • October 12, 2024
luzlinkuz

Before we are able to start defining a security strategy, we must first
know what we are protecting and what we are protecting it from. -
ANSWER Risk Analysis
Risk Assessment

To achieve information security, a suitable set of controls needs to be
implemented, what are they? - ANSWER Policies, procedures,
organizational structures and software and hardware functions.

All security controls and mechanisms are implemented to protect one or
more of these security principles? - ANSWER Confidentiality
(exclusivity), Integrity and Availability

What security principle ensures that a necessary level of secrecy is
enforced at each element of data processing and prevents unauthorized
disclosure? - ANSWER Confidentiality

Confidentiality can be achieved by? - ANSWER Encrypting data while at
rest and during transit
Using network traffic padding
Implementing strict access controls and data classifications
Training and awareness of proper procedures

Some examples of Confidentiality measures are? - ANSWER Clear desk
policy
Need to know basis
Strict access controls (physical and logical)
Separation of duties
Strict separations between environments
Logical access management
Encryption for data at rest (whole disk, database encryption)
Encryption for data in transit (IPsec, SSL, PPTP, SSH)

What is traffic padding? - ANSWER Produces a continuous random data
stream of cipher text making it harder for an attacker to distinguish
between true data flow and padding.

What security principle refers to being correct or consistent with the
intended state of information? - ANSWER Integrity

Some examples of Integrity measures are? - ANSWER Changes in data
and systems are authorized
Auditing
Segregation of Duties
Hashing (data integrity)
Configuration management (system integrity)
Change control (process integrity)
Access control (physical and logical)
Transmission CRC functions

What security principle refers to the reliable and timely access to data
and resources to authorized individuals? - ANSWER Availability

Some examples of Availability measures are? - ANSWER RAID
Clustering
Load Balancing
Redundancy
Software and Data backups
Disk shadowing
Co-location and off-site facilities
Roll back functions
Fail-over configurations

The likelihood of a threat agent taking advantage of a vulnerability and
the corresponding business impact is referred to as? - ANSWER Risk

An entity that takes advantage or exploits a threat is called? - ANSWER
A threat agent

The potential of an unwanted incident occurring that may result in harm
to a system or organization. - ANSWER A threat
