Test Questions Flashcards
Which phase of the 6-phase IR model must be followed to determine whether a security incident has occurred?
Identification
1st activity for determining the adequacy of the IRP?
Checklist Review
Process to undertake if it is determined that the time to communicate an incident and the response time for acting on the incident are too long?
Gap analysis - investigates the difference between current IR capabilities and the desired incident response capability
What protects an org after an internal breach of proprietary data?
NDA
Info security governance is derived in part from corp governance
True. Info Sec Governance is a subset of corp governance.
What does info sec governance provide?
Strategic direction, and support for the org's business goals
Before risk can be prioritized, what must be done?
Perform a BIA
Which risk assessment model organizes risk into a binary tree?
FAIR (Factor Analysis of Information Risk) - uses a binary tree as the logical framework for evaluating risk
How is risk evaluated in the FAIR assessment model?
2 areas - loss event frequency and probable loss magnitude
What is ISO 27005?
Framework for assessing risk - uses elements of COBIT 5
What is the Probabilistic Risk Assessment model (PRA)?
A systematic methodology that analyzes risk according to three basic questions - 1. What can go wrong? 2. How likely is it? 3. What are the consequences?
What members of the IRT are responsible for ensuring criminal attackers are prosecuted?
Legal, Steering group, Info sec manager
What is an info sec manager responsible for?
Developing and maintaining IR capabilities, managing risk and incidents, and performing proactive and reactive measures
What is a steering group responsible for?
Incident management and response concept, approving the charter, approving exceptions/deviations, and final decisions
What does an incident response manager do?
Supervises tasks related to the response, coordinates resources to complete tasks, takes responsibility for execution of the incident response plan, and presents the incident response report and lessons learned.
What does an IT security specialist do?
Performs complex IR tasks and IT security assessments/audits
What should be done after determining the threat level has changed?
Begin the change management process - document all details, approve, implement, and test
How to establish a process to protect an org's assets?
1. Business Impact Analysis 2. Return on Security Investment 3. Perform a risk analysis
What is ROSI?
Return on security investment. Determines how much is saved by the investment in mitigation methods
What is a risk analysis?
Estimates the likelihood of a loss
Most important factor to ensure an IRP will handle security incidents successfully and effectively?
Test all aspects of the plan
Valid method for assessing employees' cybersecurity training and awareness?
Phishing tests
What is the 1st step in the process of developing an info sec program?
Determine desired outcome for security
Example of a KPI for determining the performance of the info sec controls and policies?
The number of incidents resolved per year within 2 minutes of occurrence