Security Management - Standards Flashcards

1
Q

What is Risk Management about?

A

1) Risk identification (easy)
2) Risk assessment (easy)
3) Risk treatment (hard)
4) Risk mitigation plan
5) Implementation
6) Review and evaluation

2
Q

What is ISMS?

A

Information Security Management System

3
Q

What is ISMS about?

A

It is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes, documents and IT systems, and it applies a risk management process.

4
Q

What is ISO 27002:2013?

A

Guidelines for organizational information security standards and management practices.

5
Q

Name a few groups of ISO 27002:2013

A

1) Information security policies
2) Organization of information security
3) Human resource security
4) Asset management
5) Access control
6) Cryptography
7) Physical and environmental security
8) Operations security
9) Communications security
10) Systems acquisition, development and maintenance
11) Supplier relationships
12) Information security incident management
13) Information security aspects of business continuity management
14) Compliance

6
Q

Name some of the elementary threats listed in the BSI base protection

A

• Fire, water, local events/catastrophes
• Loss of service by a supplier (e.g. power, connectivity)
• Electromagnetic emanation, wiretapping, espionage
• Theft, destruction, loss of devices

7
Q

What should be considered if an employee joins or leaves the organization?

A

1) Background checks (prediction of future behaviour based on past behaviour)
2) Access management (configuration of access rights matching the current tasks/position)

8
Q

How can you prevent adversaries from accessing facilities, resources or information stored on physical media?

A

1) Restrict access to buildings, rooms and equipment (guards, locks, escorts, surveillance)
2) Restrict movement of equipment and storage media (locks, trackers)

9
Q

What is CVE?

A

CVE: Common Vulnerabilities and Exposures

This is a list of identifiers and descriptions for publicly disclosed vulnerabilities.

10
Q

Describe the process of a CVE entry assignment.

A

1) Discovery of a potential vulnerability or exposure
2) Assignment of a CVE ID by a numbering authority
   - Description
   - References
3) Posting of the CVE entry to the list by the primary numbering authority
