Domain 1: Laws, Regulations, Compliance and Investigations Flashcards

1
Q

What are the 3 main security objectives (the CIA triad)?

A
  • Availability
  • Integrity
  • Confidentiality
2
Q

3 examples of tangible assets

A

*Computers
*Facilities
*Supplies

3
Q

3 examples of intangible assets

A

*Reputation
*Data
*Intellectual property

4
Q

What is risk analysis? Explain.

A

Risk analysis is a part of overall risk management. It is used to determine whether security is cost effective, relevant, timely and responsive to threats. Risk analysis helps an organization prioritize its risks and decide how much money should be spent on safeguards against them.

5
Q

Steps in risk analysis

A
  1. Risk identification
    * Determine risks and identify hazards
    * Who or what can be harmed, and how?
  2. Implement policies and controls
  3. Monitor the systems and practices involved
  4. Promote awareness
6
Q

Risk analysis process

A

Step 1: Asset and information value assignment

Step 2: Risk analysis and assessment

Step 3: Countermeasure selection and implementation

7
Q

3 types of security policies

A

*Organizational policy
*Issue-specific policy
*System-specific policy

8
Q

What is a security policy?

A

An overall, general statement produced by senior management that dictates what role security plays within the organization.

9
Q

Security program lifecycle

A
  1. Plan & Organize
  2. Implement
  3. Operate & Maintain
  4. Monitor & Evaluate
10
Q

Who appoints a Security Officer (CSO and/or CISO)?

A

Senior management appoints a Security Officer (CSO and/or CISO).

11
Q

Six principles of a COBIT (2019) governance system

A
  1. Provide stakeholder value
  2. Holistic approach
  3. Dynamic governance system
  4. Governance distinct from management
  5. Tailored to enterprise needs
  6. End-to-end governance system
12
Q

Four domains of COBIT (4.1)

A
  1. Plan and Organize
  2. Acquire and Implement
  3. Deliver and Support
  4. Monitor and Evaluate
13
Q

What is security governance?

A

Information security governance is all of the tools, personnel and business processes that ensure security is carried out to meet an organization's specific needs.

14
Q

Committee of Sponsoring Organizations of the Treadway Commission (COSO): five components of internal control

A
  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information and Communication
  5. Monitoring
15
Q

Full form of ITIL

A

The Information Technology Infrastructure Library

16
Q

What is the ISO/IEC 27000 series?

A

A set of information security standards that describe security processes and mechanisms. It can be used as a blueprint to develop a security program. Companies can implement the standards and be certified against them (ISO/IEC 27001) to provide confidence to customers and business partners.