A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company's information is worth more and more and gone are the days when you could keep control yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis.
What is a qualitative risk analysis?
A. This analysis follows a precise statistical probability calculation in order to calculate exact loss caused by damage.
B. This analysis is based on scenarios and situations and produces a subjective view of the possible threats.
Which threat could occur if no physical measures are taken?
A. Unauthorised persons viewing sensitive files
B. Confidential prints being left on the printer
C. A server shutting down because of overheating
D. Hackers entering the corporate network
Which of the following is an information security management system standard published by the International Organization for Standardization?
A. ISO9008
B. ISO27001
C. ISO5501
D. ISO22301
A decent visitor is roaming around without visitor's ID. As an employee you should do the following, except:
A. Say "hi" and offer coffee
B. Call the receptionist and inform about the visitor
C. Greet and ask him what is his business
D. Escort him to his destination
Who is responsible for Initial asset allocation to the user/custodian of the assets?
A. Asset Manager
B. Asset Owner
C. Asset Practitioner
D. Asset Stakeholder
Backup media is kept in the same secure area as the servers. What risk may the organisation be exposed to?
A. Unauthorised persons will have access to both the servers and backups
B. Responsibility for the backups is not defined well
C. After a fire, the information systems cannot be restored
D. After a server crash, it will take extra time to bring it back up again
What type of measure involves the stopping of possible consequences of security incidents?
A. Corrective
B. Detective
C. Repressive
D. Preventive
A member of staff denies sending a particular message.
Which reliability aspect of information is in danger here?
A. availability
B. correctness
C. integrity
D. confidentiality
What type of system ensures a coherent Information Security organisation?
A. Federal Information Security Management Act (FISMA)
B. Information Technology Service Management System (ITSM)
C. Information Security Management System (ISMS)
D. Information Exchange Data System (IEDS)
In the event of an Information security incident, system users' roles and responsibilities are to be observed, except:
A. Report suspected or known incidents upon discovery through the Servicedesk
B. Preserve evidence if necessary
C. Cooperate with investigative personnel during investigation if needed
D. Make the information security incident details known to all employees