Information Security Strategy Standards Flashcards
With its business growing rapidly, a company wants a process-based approach for establishing an information security management system.
Which standard should the company use for this purpose?
- HIPAA
- ISO 27001
- PCI DSS
- Six Sigma
ISO 27001
An organization is seeking to enhance its information security measures. The organization wants guidelines for the integration of information security into operational plans.
Which standard provides these guidelines?
- ISO 27001
- PCI DSS
- ISO 9001
- Six Sigma
ISO 27001
An organization that operates completely within the U.S. needs guidelines for creating a disaster recovery plan to restore information systems after an attack.
What should this organization use to obtain the needed guidelines?
- ISO 9001
- IEEE 802
- NIST Framework
- Six Sigma
NIST Framework
A business owner is working on bolstering information security and is especially concerned about protecting user identities.
Which tool should the business owner use to address this concern?
- Peer-to-peer architecture
- System auditing
- Employee education
- Identity management
Identity management
A cross-functional team is working with a vendor to develop and implement information system policies in response to the growing use of customer information and networking within business operations. The team is currently addressing concerns about unauthorized access to stored customer information.
Which type of controls should this team create?
- Software
- Computer operations
- Data security
- Hardware
Data security
A small business owner has concerns about information security but is not sure where to begin.
What should this business owner do first?
- Educate employees on the dangers of phishing attacks
- Install an intrusion detection system
- Implement administrative controls
- Conduct a risk assessment
Conduct a risk assessment
A company recently experienced an internal information security breach, but the company is reluctant to report the computer crime.
Which reason explains why the company is reluctant to report the crime?
- The extent of the damage is not yet known.
- The crime involves employees.
- The vulnerability has not yet been fixed.
- The vulnerability was unknown.
The crime involves employees.
A financial firm serving tens of millions of clients was recently the target of a cybercrime attack. Valuable company data and sensitive customer data were copied, resulting in harm to both customers and the company.
What is a societal consequence related to this large-scale attack?
- Shift away from business technology use
- Higher prices for goods and services
- Reduced labor availability
- Loss of public trust
Loss of public trust
A national retailer reported that computer hackers were able to penetrate its information system and steal sensitive company and customer data, potentially affecting millions of customers and threatening business operations.
Which societal consequence is expected for this large-scale attack?
- Reduced labor availability
- Shift away from business technology use
- More stringent regulatory oversight
- Higher prices for goods and services
More stringent regulatory oversight
A company is updating its information security policies after several updates and changes have been made to its enterprise information system. One component of the new policies indicates that management is only allowed access to employee data that is necessary and directly related to a defined business task.
Which ethical concern is addressed by the policy?
- Justice
- Transparency
- Due process
- Privacy
Privacy
An online retailer has experienced rapid growth over the past several years and has decided to revisit its information security policies. Among many changes, one aspect indicates that a specific team will be established to handle internal policy disputes or questions of conduct.
Which ethical concern is addressed by this aspect of the new policies?
- Human welfare
- Justice
- Due process
- Proportionality
Due process