ISO 27000 Information Security Management Systems Professional

Professional Certifications Sample Questions

Sample Questions

1. A single framework of business continuity plans should be maintained to ensure all plans are consistent, to consistently address information security requirements and to identify priorities for testing and maintenance. Which of the following considerations is INCORRECT as a part of the above framework?
A. Determination of the conditions for activating the plans, which describe the process to be followed before each plan is activated
B. Temporary procedures which describe the actions to be taken to return to normal business operations
C. A schedule which specifies the expiration date of the plan
D. Emergency procedures, which describe the actions to be taken after an incident which jeopardizes business operations

2. Before encrypted information or cryptographic controls move from one country to another country, which is the key action?
A. There is no key action, as all have been taken in the initial country
B. Mandatory or discretionary methods of access by the countries' authorities to information encrypted by hardware or software have to be implemented by the organization
C. Legal advice should be taken
D. None of the above

3. Which of the following could NOT be included in Information Security Management System documentation?
A. A description of the risk assessment methodology
B. The risk assessment report
C. The scope of the Information Security Management System
D. None of the above

4. Which of the following policies best belongs in the hierarchy of high-level general policies?
A. Cryptographic controls policy
B. Privacy policy
C. Access control policy
D. Clear screen policy

5. Which is the key factor that affects the extent of measurement needed for the Information Security Measurement Program?
A. The size of the organization
B. The complexity of the organization
C. The importance of information security
D. The combination of all of the above

6. In order to achieve the control objective "To manage information security within the organization", which of the following controls is the most suitable to be applied?
A. All identified security requirements should be addressed before giving customers access to the organization's information or assets
B. Appropriate contacts with special interest groups or other specialist security forums and professional associations should be maintained
C. Rules for the acceptable use of information and assets should be identified, documented and implemented
D. None of the above

7. Data output from an application should be validated to ensure that the processing of stored information is correct and appropriate to the circumstances. Which of the following actions could NOT be an output data validation?
A. Periodic review of the content of key fields or data files to confirm their validity and integrity
B. Reconciliation control counts to ensure processing of all data
C. Providing sufficient information for a reader or subsequent processing system to determine the accuracy, completeness, precision and classification of the information
D. Creating a log of activities

8. The systems for managing passwords should be interactive and should ensure quality passwords. When an application requires user passwords to be assigned to an independent authority, which of the following should be applied?
A. Enforce a choice of quality passwords
B. Allow users to select and change their own passwords and include a confirmation procedure to allow for input errors
C. Enforce password changes
D. Force users to change temporary passwords at the first log on

9. As a consultant you are advising the IT manager that security incident procedures should be established to handle:
A. Information systems failures
B. Misuse of information systems
C. Malicious code
D. All of the above

10. As a Security Officer you have to establish security perimeters in order to protect an area of a new information processing facility. The first step is to:
A. Analyze the security requirements and the results of the risk assessment in order to define the siting and strength of each of the security perimeters
B. Define the authentication controls, e.g. access control card
C. Establish the recorded controls of entry and departure of visitors
D. All of the above

ANSWER KEY for SAMPLE Questions
1. C
2. C
3. D
4. B
5. D
6. B
7. A
8. A
9. D
10. C