BCS Foundation Certificate in Information Security Management Principles



Similar documents
BCS Certificate in Information Security Management Principles

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

Third Party Security Requirements Policy

INFORMATION TECHNOLOGY SECURITY STANDARDS

University of Sunderland Business Assurance Information Security Policy

Policy Document. Communications and Operation Management Policy

Rotherham CCG Network Security Policy V2.0

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.

Data Protection Breach Management Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

How To Protect Decd Information From Harm

Information security policy

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

Supplier Security Assessment Questionnaire

ISO27001 Controls and Objectives

NHS Business Services Authority Information Security Policy

Penetration Testing. I.T. Security Specialists. Penetration Testing 1

ULH-IM&T-ISP06. Information Governance Board

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

Internet threats: steps to security for your small business

ISO Controls and Objectives

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

External Supplier Control Requirements

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

ICT Policy. Executive Summary. Date of ratification Executive Team Committee 22nd October Document Author(s) Collette McQueen

NETWORK SECURITY POLICY

Information Security

Network Security: Policies and Guidelines for Effective Network Management

ECSA EuroCloud Star Audit Data Privacy Audit Guide

How To Ensure Network Security

IY2760/CS3760: Part 6. IY2760: Part 6

Information Security Policy

Mike Casey Director of IT

Unit 3 Cyber security

Best Practices For Department Server and Enterprise System Checklist

TELEFÓNICA UK LTD. Introduction to Security Policy

How to complete the Secure Internet Site Declaration (SISD) form

Version: 2.0. Effective From: 28/11/2014

REMOTE WORKING POLICY

University of Brighton School and Departmental Information Security Policy

Information Security: Business Assurance Guidelines

UF IT Risk Assessment Standard

G-Cloud Definition of Services Security Penetration Testing

IT Security. Securing Your Business Investments

External Supplier Control Requirements

Network Security Policy

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Nine Steps to Smart Security for Small Businesses

Newcastle University Information Security Procedures Version 3

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

Cyber and Data Security. Proposal form

Guide to Vulnerability Management for Small Companies

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

A practical guide to IT security

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

University of Aberdeen Information Security Policy

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

NOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

ISO Information Security Management Systems Foundation

Four Top Emagined Security Services

The Risks of Cloud Storage

Information Security Programme

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction Policy Statement Purpose...

Guidance on Risk Analysis Requirements under the HIPAA Security Rule

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Service Children s Education

GUIDE TO MANAGING DATA BREACHES

The Ministry of Information & Communication Technology MICT

INFORMATION SECURITY PROCEDURES

Managing IT Security with Penetration Testing

Automation Suite for. 201 CMR Compliance

How To Audit Health And Care Professions Council Security Arrangements

F G F O A A N N U A L C O N F E R E N C E

INFORMATION SECURITY California Maritime Academy

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

Securing the Service Desk in the Cloud

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

ESKISP Conduct security testing, under supervision

Risk Management Guide for Information Technology Systems. NIST SP Overview

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

Network Security Policy

Data Security Incident Response Plan. [Insert Organization Name]

SECURITY CONSIDERATIONS FOR LAW FIRMS

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Cyber Essentials Scheme

Better secure IT equipment and systems

Is Your Vendor CJIS-Certified?

Course mechanics. CS 458 / 658 Computer Security and Privacy. Course website. Additional communication

Transcription:

S Foundation ertificate in Information Security Management Principles Specimen Paper Record your surname/last/family name and initials on the nswer Sheet. Specimen paper only. 20 multiple-choice questions 1 mark awarded to each question. Mark only one answer to each question. There are no trick questions. number of possible answers are given for each question, indicated by either... or. Your answers should be clearly indicated on the nswer Sheet. Pass mark is 13/20 This is a specimen paper only. The full exam is 100 multiple choice questions with a pass mark of 65/100. opying of this paper is expressly forbidden without the direct approval of S, The hartered Institute for IT. opyright S 2015 ISMP Specimen Paper Page 1 of 11

1 Quantitative risk assessment is mandatory audit requirement. numerical means to measure comparative risks. emanded by ISO/IE 27001. Only really possible with a computer-based analysis package. 2 The major purpose of information security in an organisation is Implementing controls to reduce risks. Ensuring that confidentiality of information is not breached. Ensuring that computer systems are not hacked. Supporting the effective and efficient achievement of the organisation s business objectives. 3 Most security breaches caused by employees are through Errors. Fraud. Physical damage to equipment. Malicious attacks. 4 Which of the following EST describes business impact? The effect on an organisation of a vulnerability being exploited. The probability of a vulnerability being exploited against an organisation. The effect on an organisation of the controls being adopted. The number of vulnerabilities exploited in a given period. 5 Writing a security policy is important because The ISO/IE 27000 series requires it as part of its set of security documentation. The organisation s oard of irectors knows the issues. It sets out the organisation s formal stance on security for staff and contractors to see. It ensures the security officer knows what they should be doing. 6 The EST approach to risk assessment is to ompile a risk register against all information assets. Send a questionnaire on perceived risks to all staff. Employ an experienced external consultant. Run a risk assessment software package. opyright S 2015 ISMP Specimen Paper Page 2 of 5

7 Information which can be proved true through observation, documents, records, or personal interview is called Objective evidence. orrective action. non-conformity. n opportunity for improvement. 8 The MOST common cause of many internal security incidents is Poor recruitment processes. Lack of security operating procedures. Inadequate network protection measures. Lack of awareness on the part of staff. 9 n example of a control which helps to protect against unintentional disclosure of information is Regular incremental and full backups. formal disciplinary process. lassification labelling of information. Independent review of information security. 10 Useful additions to a security training programme for all staff members are Links to vendor agnostic websites specific to information security. White papers written by subject matter experts in information security. Vendor brochures specific to information security. opies of textbooks specific to information security. 11 omputer viruses are Only a problem with internet connected systems. Potentially very serious. nuisance. Easily detectable. 12 With respect to security, a third party connection contract should specify ll the agreed security requirements of each party. Total compliance with ISO/IE 27000 series. ISO/IE 27000 series certification. common security policy. opyright S 2015 ISMP Specimen Paper Page 3 of 5

13 Non repudiation Protects against the disclosure of information to unauthorised users. Protects against a person denying later that a communication or transaction took place. ssures that a person or system is who or what they claim to be. Protects against unauthorised changes in data whether intentional or accidental. 14 omputer terminals in a stock, shares and bonds dealing room are set up to allow quick acceptance of trades. Which of the following would be the MOST sensible safeguard to limit loss through errors? Thorough staff training in the need to be careful. Separate authorisation of all trades. onfirmation of all trades before committing. onfirmation of trades which are over a set value. 15 Penetration testing is used primarily y hackers. To test physical security. y computer operators. y security specialists. 16 trapdoor is structured programming technique. generally unknown exit out of or entry into a program. network programming technique. programming technique used in real-time systems. 17 What physical control system should be considered to prevent unauthorised access, damage and interference to IT services? losed ircuit TV cameras and alarm systems. efined security procedures. gate access control system requiring a security token. physical security policy. 18 n example of a record of Information Security Management System operation is clear desk policy. formal disciplinary process. usiness continuity plan test results. The procedure for technical conformity checking. opyright S 2015 ISMP Specimen Paper Page 4 of 5

19 For remote access into a company server containing personal information, the one thing all solutions will have in common is virtual private network (VPN). Strong authentication. Encryption. n approved gateway. 20 When setting up a contract with a supplier for hosting cloud services, which of the following safeguards is most important? 1) The ability to recover all information from the cloud if the contract is terminated. 2) The confidentiality and integrity of downloading information from the cloud. 3) The make of hardware used by the hosting supplier. 4) The service level requirement for availability of the information. 1, 2 and 4 only. 2 and 3 only. 1 and 4 only. 1, 3 and 4 only. -End of Paper- opyright S 2015 ISMP Specimen Paper Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information