Domain 5 Task Statements

Question 1

Domain 5—Protection of Information Assets (25%)

Answer 1

Provide assurance that the organization’s policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.

Question 2

T5.1

Answer 2

Evaluate the information security and privacy policies, standards and procedures for completeness, alignment with generally accepted practices and compliance with applicable external requirements.

Question 3

T5.2

Answer 3

Evaluate the design, implementation, maintenance, monitoring and reporting of physical and environmental controls to determine whether information assets are adequately safeguarded.

Question 4

T5.3

Answer 4

Evaluate the design, implementation, maintenance, monitoring and reporting of system and logical security controls to verify the confidentiality, integrity and availability of information.

Question 5

T5.4

Answer 5

Evaluate the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization’s policies, standards, procedures and applicable external requirements.

Question 6

T5.5

Answer 6

Evaluate the processes and procedures used to store, retrieve, transport and dispose of assets to determine whether information assets are adequately safeguarded.

Question 7

T5.6

Answer 7

Evaluate the information security program to determine its effectiveness and alignment with the organization’s strategies and objectives.