study set 1

Question 1

What are the 4 codes of Ethics?

Answer 1

1. Protect the Society, commonwealth and the infrastructure
2. Act Honorably, honestly, justly, responsibly, and legally
3. Provide Diligent and competent Service to principals
4. Advance and protect the profession

Question 2

Known as a Program Policy

Answer 2

Organizational security Policy

Question 3

ISO 27002

Answer 3

Provides practical Advice for HOW TO implement Security controls, use 10 domain to Address ISMS

Question 4

ISO 27005

Answer 4

Approach To Risk Management

Question 5

What are The Risk control Frameworks?

Answer 5

1. COSO
2. COBIT
3. ISO 27001
4. NIST 800_53 (government agencies)

Question 6

Long term focus on sustaining Operation of the business following a Disaster

Answer 6

Business Recovery Plan

Question 7

What type of policy is Mandatory with High level statements that supports strategic Goals of the Organization.

Answer 7

Organizational security Policy

Question 8

A Risk Methodologies that focuses on IT Systems not the Organizational Strategy

Answer 8

NIST SP 800-30

Question 9

A system meets the requirements of the Data Owner is called?

Answer 9

Certification

Question 10

A dollar figure that represents what the asset is worth to the organization

Answer 10

(AV) Asset Value

Question 11

ITADA

Answer 11

Identity Theft and Assumption Deterrence Act

Question 12

BIA

Answer 12

Business Impact Analysis

Question 13

ECPA

Answer 13

Electronic communication Privacy Act

Restricts Governments of interception of communications

Question 14

CISO

Answer 14

Chief Info Security Officer

Question 15

SCI

Answer 15

Sensitive Compartmented Information

Question 16

Which standard comes from ISACA?

Answer 16

COBIT

Question 17

Responding to a Risk is called?

Answer 17

Risk Mitigation

Question 18

The Key items in privacy protection for DATA Processors are?

Answer 18

Training and Auditing

Question 19

To identify Assets, threats and vulnerabilities

Answer 19

Risk Assessment

Question 20

The 7 phases of BCP

Answer 20

1. Project Initiation
2. Business Impact Analysis
3. Recovery Strategy
4. Plan Design and Development
5. Implementation
6. Testing
7. Maintenance

Question 21

Will help you decide the correct risk mitigation Strategy?

Answer 21

Cost / Benefit Analysis

Question 22

ISO 27004

Answer 22

Metrics

Question 23

TCO

Answer 23

Total cost of Ownership
The total cost of implementing a safeguard.
includes maintenance fees

Question 24

Ensures that the state holders needs conditions and options are evaluated.

Answer 24

Governance

Question 25

How long is a trademark?

Answer 25

10 years

Question 26

What are the Steps in Risk Management?

Answer 26

1. Risk Assessment
2. Risk Analysis
3. Risk Mitigation
4. Risk Monitoring

Question 27

ESI

Answer 27

Electronically Stored information

Question 28

Instance of a compromise

Answer 28

Exploit

Question 29

System specific policy

Answer 29

Is Geared towards use of networks, systems, and approved software lists

Question 30

A Risk assessment that use Qualitative analysis to calculate An Risk value

Answer 30

FRAP?

Question 31

Vertical Control and Horizontal Control are?

Answer 31

(SCI) Sensitive Compartmented Information Government

Question 32

Determining which portions of the a standard an organization will use?

Answer 32

Scoping

Question 33

Who handles the Day to Day Data Governance

Answer 33

Data Steward

Question 34

The 3 Risk Methodologies?

Answer 34

1. Octave
2. Frap
3. NIST 800-30

Question 35

What process finds trust boundaries and data flow paths?

Answer 35

Reduction Analysis

Question 36

ISO 27001

Answer 36

Establishment Implementation of controls and improvements of ISMS.

Follow the PDCA

Question 37

What are the 9 steps in NIST 800-30

Answer 37

1. System characterization
2. Threat Identification
3. Vulnerability Identification
4. Control Analysis
5. Likelihood Determination
6. Impact Analysis
7. Risk Determination
8. Control Recommendations
9. Results Documentation

Question 38

A Scheme for classifying Data with Categories?

Answer 38

Taxonomy

HR, Executives, union, ETC…

Question 39

An analysts to identify assets and their criticality, identify Vulnerabilities and threats and base the protection strategy to reduce Risk

Answer 39

OCTAVE

Question 40

What are the 7 steps to implement a Classification Scheme?

Answer 40

1. Identity Custodian
2. Specify Evaluation Criteria
3. Classify and Label each Resource
4. Document Exceptions
5. Select Security Controls
6. Specify declassification Procedures
7. create Awareness Program