Security Management - Standards Flashcards

1
Q

What is Risk Management about?

A
  • Risk identification (easy)
  • Risk assessment (easy)
  • Risk treatment (hard)
  • Risk mitigation plan
  • Implementation
  • Review and evaluation
2
Q

What is ISMS?

A

Information Security Management System

3
Q

What is ISMS about?

A
  • A systematic approach to managing sensitive company information so that it remains secure
  • Covers people, processes, documents and IT systems, by applying a risk management process
4
Q

What is ISO 27002:2013?

A

Guidelines for organisational information security standards and management practices

5
Q

Name a few groups of ISO 27002:2013

A

  • Information security policies
  • Organisation of information security
  • Human resource security
  • Asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • Systems acquisition, development and maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity management
  • Compliance
6
Q

Name some of the elementary threats listed in the BSI IT-Grundschutz (IT baseline protection)

A
  • Fire, water, local events/catastrophes
  • Loss of service by supplier (e.g. power, connectivity)
  • Electromagnetic emanation, wiretapping, espionage
  • Theft, destruction, loss of devices
7
Q

What should be considered when an employee joins or leaves the organisation?

A
  • Background checks (past behaviour as a predictor of future behaviour)
  • Access management (access rights configured to match the person's current tasks and position, and removed when they leave)
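Added example (not part of the original flashcards): a small joiner/mover/leaver reconciliation that compares a person's current access rights with what their role should carry and reports what to grant and revoke. The role catalogue and user records are constructed sample data; the rights names are placeholders.

```python
"""Joiner / mover / leaver access reconciliation (added illustration).

The role catalogue and users below are constructed for the example; any real
deployment would read them from an HR system and an identity store.
"""
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

# Constructed role catalogue: the rights a position is supposed to carry.
ROLE_RIGHTS = {
    "developer": {"git:read", "git:write", "ci:run"},
    "ops": {"git:read", "ci:run", "prod:ssh", "prod:deploy"},
    "hr": {"hris:read", "hris:write"},
}


@dataclass
class User:
    name: str
    role: Optional[str]              # None means the person has left
    rights: Set[str] = field(default_factory=set)


def reconcile(user: User) -> Tuple[Set[str], Set[str]]:
    """Return (to_grant, to_revoke) so that the user's rights match the role.

    A leaver (role None) has every right revoked. An unknown role is an error
    rather than silently treated as 'no rights', so a typo in HR data is
    noticed instead of locking someone out or leaving stale rights in place.
    """
    if user.role is None:
        expected: Set[str] = set()
    elif user.role in ROLE_RIGHTS:
        expected = ROLE_RIGHTS[user.role]
    else:
        raise ValueError(f"unknown role {user.role!r} for {user.name}")
    return expected - user.rights, user.rights - expected


def apply(user: User) -> User:
    """Apply the reconciliation result to the user record and return it."""
    grant, revoke = reconcile(user)
    user.rights = (user.rights | grant) - revoke
    return user


if __name__ == "__main__":
    for u in (
        User("alice", "developer"),                                  # joiner
        User("bob", "ops", {"git:read", "git:write", "ci:run"}),     # mover
        User("carol", None, {"hris:read", "hris:write"}),            # leaver
    ):
        grant, revoke = reconcile(u)
        print(f"{u.name}: grant={sorted(grant)} revoke={sorted(revoke)}")
```

The mover case is the one that usually goes wrong in practice: a developer who moves to operations gains the production rights but must also lose `git:write`, which is why the function returns both sets rather than only additions.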
8
Q

How can you prevent adversaries from accessing facilities, resources or information stored on physical media?

A
  • Restrict access to buildings, rooms and equipment (guards, locks, escorts, surveillance)
  • Restrict the movement of equipment and storage media (locks, trackers)
9
Q

What is CVE?

A

CVE = Common Vulnerabilities and Exposures

A list of identifiers and descriptions for publicly disclosed vulnerabilities
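Added example (not part of the original flashcards): since CVE is a list of identifiers, a practitioner frequently has to validate and extract those identifiers from tickets, advisories and scanner output. The code below encodes the published ID syntax: `CVE-`, a four-digit year, and a sequence number of at least four digits (exactly four before the 2014 syntax change; longer sequences carry no leading zeros). The sample IDs in the `__main__` block are constructed placeholders, not real entries.

```python
"""Validate and extract CVE identifiers (added illustration).

Syntax: CVE-YYYY-NNNN[N...]. The year is four digits (the list started in
1999); the sequence is at least four digits and, when longer than four,
must not start with a zero.
"""
import re
from typing import List, NamedTuple, Optional

_CVE_ID = re.compile(r"^CVE-(\d{4})-(\d{4,})$")
_CVE_IN_TEXT = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)


class CveId(NamedTuple):
    year: int
    sequence: int


def parse_cve_id(text: str) -> Optional[CveId]:
    """Return (year, sequence) for a well-formed CVE ID, else None.

    Matching is case-insensitive and tolerates surrounding whitespace, which
    is how IDs usually arrive in free text.
    """
    m = _CVE_ID.match(text.strip().upper())
    if not m:
        return None
    year_s, seq_s = m.group(1), m.group(2)
    if len(seq_s) > 4 and seq_s[0] == "0":
        return None          # no leading zeros on 5+ digit sequences
    year = int(year_s)
    if year < 1999:
        return None          # predates the CVE list
    return CveId(year, int(seq_s))


def find_cve_ids(text: str) -> List[str]:
    """Extract every valid CVE ID from a block of text, normalised to upper
    case and de-duplicated while preserving first-seen order."""
    seen: List[str] = []
    for raw in _CVE_IN_TEXT.findall(text):
        norm = raw.upper()
        if parse_cve_id(norm) is not None and norm not in seen:
            seen.append(norm)
    return seen


if __name__ == "__main__":
    # Constructed sample text; the IDs are placeholders, not real entries.
    sample = "Fixes cve-2020-12345, CVE-2020-12345 and CVE-2015-0001; ignore CVE-2015-00001."
    print(find_cve_ids(sample))
```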

10
Q

Describe the process of a CVE entry assignment

A
  1. Discovery of a potential vulnerability or exposure
  2. Assignment of a CVE ID by a CVE Numbering Authority (CNA), together with
    - Description
    - References
  3. Posting of the CVE entry to the list by the primary numbering authority