Lesson 4

Question 1

The process of identifying and controlling threats.

Answer 1

Risk Management

Question 2

Risks can stem from: (5)

Answer 2

Financial Uncertainties
Legal Liabilities
Technology Issues
Strategic Management Errors
Accidents and Natural Disasters

Question 3

The process to achieve and maintain appropriate levels of key security services. (integrity, confidentiality, availability, reliability, accountability, authenticity)

Answer 3

Security Management

Question 4

The IT Security Management Functions include: (8)

Answer 4

⚬ organizational IT security objectives, strategies and policies
⚬ determining organizational IT security requirements
⚬ identifying and analyzing security threats to IT assets
⚬ identifying and analyzing risks
⚬ specifying appropriate safeguards
⚬ monitoring the implementation and operation of safeguards
⚬ developing and implement a security awareness program
⚬ detecting and reacting to incidents

Question 5

An ISO 27000 security standard for vocabulary and standard definition.

Answer 5

ISO 27000

Question 6

An ISO 27000 standard for information security specifications.

Answer 6

ISO 27001

Question 7

An ISO 27000 standard for code of practice and a comprehensive set of security controls.

Answer 7

ISO 27002 (ISO 17799)

Question 8

An ISO 27000 standard for implementation guidance.

Answer 8

ISO 27003

Question 9

An ISO 27000 standard for management measurement.

Answer 9

ISO 27004

Question 10

An ISO 27000 standard for information security risk management.

Answer 10

ISO 27005

Question 11

An ISO 27000 standard for the management of IT security.

Answer 11

ISO 13335

Question 12

Which phase of the Deming Cycle establishes policy and defines objectives?

Answer 12

Plan

Question 13

Which phase of the Deming Cycle deals with mplementation and operation?

Answer 13

Do

Question 14

Which phase of the Deming Cycle assesses, measures, and reports results?

Answer 14

Check

Question 15

Which phase of the Deming Cycle deals with taking action based on audit reports?

Answer 15

Act

Question 16

Which organizational context deals with wanted security outcomes?

Answer 16

Objectives

Question 17

Which organizational context deals with how to meet objectives?

Answer 17

Strategies

Question 18

Which organizational context deals with identifying what needs to be done?

Answer 18

Policies

Question 19

IT security must be supported by _______.

Answer 19

Senior Management

Question 20

Provide consistent overall supervision; manage processes, handle incidents.

Answer 20

IT Security Officer/s

Question 21

Critical component, Assets VS Risks; based on organizational risk profiles.

Answer 21

Security Risk Assessment

Question 22

What are the approaches of a security risk assessment? (4)

Answer 22

Baseline
Informal
Formal/Detailed
Combined

Question 23

Uses industry-best practices; cheap, has no special consideration; suitable for small organizations.

Answer 23

Baseline Approach