CISM Flashcards

1
Q

What is a metric?

A

Quantifiable entity that allows the measurement of the achievement of a process goal

2
Q

Phases of Incident Response

A

Prepare
Identify
Contain
Eradicate
Restore
3
Q

GRC

A

Governance, Risk Management, Compliance

4
Q

IRT role that ensures incident response actions and procedures comply with legal and regulatory requirements

A

Legal Representative

5
Q

GRC component that is the responsibility of senior management and the BoD, and focuses on creating mechanisms to ensure personnel follow established processes and policies

A

Governance

6
Q

IRT role that writes incident response reports and documents lessons learned

A

Incident handler

7
Q

What is meant by Incident Response?

A

Planning, coordinating, and executing appropriate mitigation, containment, and recovery strategies and actions

8
Q

According to ISACA, what are the 5 main components of a security review?

A

Objective, scope, constraints, approach, result

9
Q

IRT role that writes reports of investigation findings

A

Investigator

10
Q

Role that develops the security strategy in line with business objectives

A

CISO or Info Sec manager

11
Q

What does the acronym CSF mean?

A

Critical Success Factor

12
Q

In which risk assessment phase are specific risk scenarios and possible outcomes developed?

A

Risk Identification

13
Q

IRT role that documents the steps taken when executing the incident response plan

A

Incident handler

14
Q

Purpose of a RACI chart

A

Defines the various roles associated with aspects of an info sec program

15
Q

Which control category provides warnings that can deter potential compromise?

A

Deterrent Controls

16
Q

What is COBIT 5?

A

Framework that focuses on value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use

17
Q

5 principles of COBIT 5

A

Meeting stakeholder needs
Covering the enterprise end to end
Applying a single integrated framework
Enabling a holistic approach
Separating governance from management
18
Q

ALE

A

Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO)
ALE = SLE × ARO

19
Q

ARO

A

Annualized Rate of Occurrence

20
Q

AUP

A

Acceptable Use Policy

21
Q

SDO = Service Delivery Objective

A

Level of service supported during alternate process mode until the normal situation is restored.

22
Q

4 commonly accepted subsets of enterprise architecture according to ISACA

A

Business architecture
Data architecture
Applications architecture
Technology architecture

24
Q

Intangible assets

A

Patents, copyrights, reputation, data

25
What control deters potential compromise?
Deterrent Controls
26
IRT role that performs proactive and reactive measures to control the info risk level
Info Sec Manager
27
IRT role that takes responsibility for the overall incident management and response concept
Security Steering Group
28
IRT role that makes final decisions regarding incidents
Security Steering Group
29
IRT role that finds the root cause of an incident
Investigator
30
IRT role that performs IT security assessments/audits as a proactive measure and part of vulnerability management
IT Sec Specialist
31
IRT role that develops and maintains the incident management and response capability
Info Sec Manager
32
IRT role that approves the Incident Management Team (IMT) charter
Security Steering Group
33
IRT role that approves deviations and exceptions to the Incident Response Plan
Security Steering Group
34
IRT role responsible for coordinating the activities of all other recovery teams and handling key decision making
Emergency Management Team
35
4 perspectives in a Balanced Scorecard
Financial, Customer, Business Process, Learning and Growth
36
Accept the risk
Cost of mitigating the risk is higher than the value of the asset
37
Exposure
- Extent to which a vulnerability is exposed to a threat
38
FRaaS
- Forensics as a service
39
IdaaS
- Identity as a Service
40
PDCA
- Plan, Do, Check, Act
41
IMT
- Incident management Team
42
3 goals of a BIA
Criticality prioritization, downtime estimation, resource requirements
43
6 outcomes of the info security program according to ISACA
Strategic alignment, risk management, value delivery, resource management, performance measurement, assurance process integration
44
What is a qualitative risk analysis?
Determines the magnitude and likelihood of the potential consequences of identified risks
45
5 ISACA phases of the incident management lifecycle
Planning and preparation; detection, triage, and investigation; containment, analysis, tracking, and recovery; post-incident assessment; incident closure
46
What are compensating controls?
Control category that reduces the risk of an existing or potential control weakness
47
Least risky cloud deployment model?
Private Cloud
48
Role that identifies emerging risks and compliance issues
Steering committee
49
Cloud service model LEAST risky
Infrastructure as a service (IaaS)
50
Security review scope
Mapping of the objective to the aspect that is to be reviewed.
51
Resource management
Ensures human, financial, technical, and knowledge resources are utilized efficiently and effectively
52
Security review objective
Statement of what is to be determined in the course of the review
53
3 main categories of info sec threats
Environmental, technical, man-made
54
SLE
Single Loss Expectancy
55
IRT role that provides assistance in incident management/response when there is a need to investigate an employee
HR
56
IRT role that performs incident response tasks to contain exposure from an incident
Incident Handler
57
Which control category warns of violations or attempted violations of a security policy?
Detective controls
58
What are the 4 processes in the Total Quality Management (TQM) Cycle?
Plan, Do, Check, Act
59
Type of response that assigns a risk to a 3rd party
Risk transfer
60
(BMIS) Business Model for Info Sec: which interconnection connects the people and process elements?
Emergence
61
Recovery site ready within a couple of hours
Hot site
62
According to ISACA, what is the purpose of defining an approach for a security review?
To identify the set of activities that cover the scope in a way that meets the objective of the review, given the constraints
63
Which role should require demonstrable alignment of security and business objectives?
Board of Directors
64
What is the security review approach?
A set of activities that cover the scope in a way that meets the objective of the review, given the constraints
65
What phase of the incident management life cycle includes implementing IDS, IPS, and SIEM?
Detection, Triage, and investigation
66
Which phase of the incident management lifecycle includes detecting and validating incidents?
Detection, Triage, and investigation
67
During which phase of incident response does the org verify whether an incident has happened and find out more details about it?
Identify
68
Which outcome of an effective info security program ensures that it addresses the business or mission objectives?
Strategic alignment
69
(BMIS) Business Model for Info Sec: which interconnection connects the process and technology elements?
Enablement and Support
70
Role responsible for managing risk using external providers
Info Sec Manager
71
IRT role that maintains the chain of custody and observes incident handling procedures for court purposes
Incident Handler
72
Incident response role that acts as the Incident Management Team (IMT) leader and main interface to the Security Steering Group (SSG)
Info Sec Manager
73
5 levels of the Capability Maturity Model Integration (CMMI)?
Lvl 1 - Initial, Lvl 2 - Managed, Lvl 3 - Defined, Lvl 4 - Quantitatively Managed, Lvl 5 - Optimizing
74
3 main phases of risk management?
Risk identification, risk analysis, risk evaluation
75
4 cloud deployment options
Private, Community, Public, Hybrid
76
Knowledge gained from a quantitative risk analysis
Numerical values assigned to the impact and likelihood of identified risks
77
Which roles should institute processes to integrate security with business objectives?
Exec or senior management
78
What is meant by external factors?
Factors that arise from the environment in which the org operates
79
According to ISACA, what are the 6 basic outcomes of a security program developed from info sec governance?
Strategic alignment, risk management, value delivery, resource optimization, performance measurement, assurance process integration
80
5 essential characteristics of the cloud?
On-demand self-service, broad network access, resource pooling, elasticity, measured service
81
GRC process that records and monitors the policies, procedures, and controls needed to ensure that policies and standards are followed?
Compliance
82
What are operational metrics?
The common technical and procedural metrics
83
IRT role that performs complex and in-depth IT security-related tasks as part of the incident response plan
IT Security Specialist
84
Phase of the incident management life cycle that includes prioritizing and rating incidents
Detection, triage, and investigation
85
What is meant by a metric being SMART?
Specific, Measurable, Attainable, Relevant, Timely
86
4 methods of risk response?
Avoid, transfer, mitigate, accept
87
Org role responsible for access authorization for individuals or groups?
Department Management
88
Which outcome of an effective info sec program ensures that governance and assurance activities align with info sec activities?
Assurance process integration
89
Which metrics are often compiled from other management metrics and designed to indicate that the security program is on track and on budget to achieve the desired outcomes?
Strategic metrics
90
Which entity is the first line of defense in the security of information?
Employees
91
What is meant by the term due diligence?
Research; the idea that there are steps that should be taken by a reasonable person of similar competency in similar circumstances
92
What must you do FIRST to protect against internal and external threats?
Identify the potential threats
93
What are controls?
The means of managing risk, including policies, procedures, guidelines, practices, or org structures, which can be of an administrative, technical, management, or legal nature
94
What is used to determine the current state of risk for an org?
Risk Assessment
96
Term defined as the rules that run an org, including policies, standards, and procedures that set the direction and control of the org?
Governance
97
Role that creates the security strategy in alignment with business objectives?
CISO or info sec manager
98
According to ISACA, what are the 4 commonly accepted subsets of overall enterprise architecture?
Business, data, applications, and technology architectures
99
Which org role is responsible for security strategy oversight and alignment?
Exec management
100
Phase of the incident management life cycle that includes conducting log and audit analysis
Detection, triage, and investigation
101
(BMIS) Business Model for Info Sec: which interconnection connects the people and technology elements?
Human Factors
102
Roles responsible for due care and managing risk?
BoD and senior management
103
What does EF denote?
Exposure Factor
104
Risk assessment phase where identified risks are examined to determine their impacts?
Risk Analysis
105
Org role that is responsible for the IT audit but does not usually perform the audit
Info Sec manager