100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CISMP EXAM QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS VERIFIED BY EXPERT 2024/2025 $9.99   Add to cart

Exam (elaborations)

CISMP EXAM QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS VERIFIED BY EXPERT 2024/2025

 8 views  0 purchase
  • Course
  • Institution

CISMP EXAM QUESTIONS AND ANSWERS WITH COMPLETE SOLUTIONS VERIFIED BY EXPERT 2024/2025 Confidentiality Information not disclosed to unauthorised people, entities or processes What should be included in an IA policy? How IA would be managed, how it should be communicated to users, statement of ...

[Show more]

Preview 4 out of 46  pages

  • October 14, 2024
  • 46
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
avatar-seller
CISMP EXAM QUESTIONS AND ANSWERS WITH COMPLETE

SOLUTIONS VERIFIED BY EXPERT 2024/2025


Confidentiality

Information not disclosed to unauthorised people, entities or processes

What should be included in an IA policy?

How IA would be managed, how it should be communicated to users, statement of

support from senior management, protection of IA assets and how they will comply with

legal and regulatory obligations, consequences of non compliance.

Integrity

Accuracy and completeness

Availability

Property of information being accessible to individuals with the authority

Non-repudiation

Assurance that information validity cannot be denied (having sent or created etc.). Proof

of origin and integrity of data

Cyber Security

The protection of privacy, integrity and accessibility of information

Asset

Anything of value to an organisation (information, physical or software)

How are assets valued and what five aspects are considered?

,This is done using a Business Impact Assessment that will consider:

1. Cost of loss/unavailability (time)



2. Cost of recovery (back to BAU)



3. Value to a competitor (how much they would pay to get this asset)



4. Impact on brand reputation and customer loyalty



5. Cost of damage to other operations

Threat

Cause of an unwanted incident that may result in harm (can be subjective)

Vulnerability

Weakness in an asset/control that can be exploited by a threat/Risk



Risks arise when a threat and vulnerability are present - they are the effect of

uncertainty on acheiving an objective.

Impact

Result of an incident caused by a threat - this drives the controls put into place

What is an information security policy and what should it contain?

This is a policy for information assets and should contain statements acknowledging risk

exists, it's seriousness and that it has been considered by persons of correct authority

What are controls? And what four types of controls are there?

,Controls are activities that manage risk.



1. Reduce: lesson the probability of occurrence or lower the impact (risk = likelihood X

impact)



2. Eliminate: completely avoid activity that results in risk



3. Transfer: make another organisation responsible through contracts or insurance (only

covers financial).



4. Accept: Tolerate when impacts/likelihood are too small to justify the cost of mitigation.

What is defence in a. depth and b. breadth?

Depth: interconnection so attacks need to consider more than one system when

targeting a single system.



Breadth: layers of security increasing in complexity with more critical assets

Identity

Information that distinguishes one entity (can be people or information assets) from

another in a given domain without ambiguity

What is the AAA Framework and what does it include?

Way to understand the access ability of individuals within an organisation.



1.Authentication: assurance of the claimed identity of the entity to a level of appropriate

, confidence (what they know, who they are, what they have)



2. Authorisation: correct permissions granted to a system entity for access to a

resource.



3. Accounting: usage monitoring using SIEM to understand what they are accessing or

attempting to access.

Accountability

Property of a process that ensures the actions of an entity can be traced back to a

unique identity. Every action in a system must have someone accountable.

Audit

Review of a party's capacity to meet approval agreements, check records that actions

have been carried out correctly, no misuse of the system and identify gaps in system

functionality.

Compliance

Meeting all application requirements outlined in a standard/published set of

requirements

Information security professionalism and ethics?

Trust is most highly valued as security professionals get access to very important

information

What is an Information Security Management System? (ISMS)

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller NurseAdvocate. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $9.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

78252 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$9.99
  • (0)
  Add to cart