Lecture 12

Question 1

What is social engineering?

Answer 1

A psychological manipulation technique used to trick people into giving away sensitive information.

Question 2

What is Information Security Governance?

Answer 2

The strategic direction and risk management process to ensure security objectives are met.

Question 3

What is the COBIT framework?

Answer 3

A governance framework that helps organizations manage IT risks and align IT with business objectives.

Question 4

What are the four steps of the policy lifecycle?

Answer 4

Plan, Implement, Monitor, and Evaluate.

Question 5

What is the difference between a policy and a guideline?

Answer 5

Policy is a mandatory rule, while guideline is a recommendation that is not enforced.

Question 6

What are examples of security policies?

Answer 6

• Acceptable Use Policy
• Password Policy
• Data Protection Policy
• Incident Response Policy

Question 7

What are the three principles of personnel security?

Answer 7

• Least Privilege
• Separation of Duties
• Limited reliance on key employees

Question 8

What are key components of Business Continuity Planning (BCP)?

Answer 8

• Data backups
• Disaster recovery sites
• Key personnel replacement strategies

Question 9

What is the main goal of Access Control?

Answer 9

To ensure only authorized users have access to sensitive information and systems.

Question 10

What is IT Security Operations?

Answer 10

The continuous process of maintaining and protecting IT systems through monitoring, auditing, and response.