Domain 1: Security and Risk Management

Question 1

Code Ethics- tenants and order?

Answer 1

Protect society, behave honorably, do a good job, advance the profession

Question 2

Confidentiality definition and associated risk?

Answer 2

Only authorized people can access the information and the risk is unauthorized disclosure

Question 3

Integrity definition and risk?

Answer 3

Integrity is ensuring information is accurate and complete, and only authorized users can alter/change information. The risk is unauthorized alteration.

Question 4

Availability definition and risk?

Answer 4

Information availability, risk is unauthorized destruction

Question 5

Security governance

Answer 5

The responsibilities and procedures governing security in org

Question 6

Who is ultimately responsible for information security?

Answer 6

Board of directors/CEO - whomever is the head of the head

Question 7

Sec gov principle - aligning?

Answer 7

understand the business and act accordingly.

Question 8

governance committee

Answer 8

governance committee is a group of diverse executives to keep tabs on what’s going on and provide oversight on the security of an org

Question 9

Sec gov principle - involve information security

Answer 9

governance committees and be part of tech acquisitions and such

Question 10

Org roles - common roles - CISO

Answer 10

CISO A senior level exec responsible for overall management and supervision of the info sec program

Question 11

Org roles - common roles - User

Answer 11

Users are everyone - they must agree to security policies and generally follow them within their job role

Question 12

iso 27001

Answer 12

what you should be doing
security control framework

Question 13

iso 27002

Answer 13

How you should be doing it
security control framework

Question 14

NIST 800-53

Answer 14

security control framework

Question 15

NIST sec control framework 5 core functions

Answer 15

Identify, Protect, Detect, Respond, and Recover