BCS Certificate in Information Security Management Principles




Sample Paper (Only 20 Questions)
2 Hour Examination

Record your surname/last/family name and initials on the Answer Sheet, writing in block capitals at the top and marking the relevant letter in each column.

Attempt all 100 multiple-choice questions. 1 mark awarded to each question. Mark only one answer to each question. There are no trick questions.

A number of possible answers are given for each question, indicated by either ... or.

Your answers should be indicated on the Answer Sheet by making a solid pencil mark inside the box representing your chosen answer. These can be found to the right of the question number on your Answer Sheet. If you make a mistake, erase your first mark, and put a mark in your new chosen answer column for that question.

Pass mark is 65/100

Copying of this paper is expressly forbidden without the direct approval of BCS, The Chartered Institute for IT.

Copyright BCS 2012 Sample Paper Version 1.6 August 2012 Page 1 of 6

1 Quantitative risk assessment is
A. A mandatory audit requirement.
B. A numerical means to measure comparative risks.
C. Demanded by ISO/IEC 27001.
D. Only really possible with a computer-based analysis package.

2 The major purpose of information security in an organisation is
A. Implementing controls to reduce risks.
B. Ensuring that confidentiality of information is not breached.
C. Ensuring that computer systems are not hacked.
D. Supporting the effective and efficient achievement of the organisation's business objectives.

3 Most security breaches caused by employees are through
A. Errors.
B. Fraud.
C. Physical damage to equipment.
D. Malicious attacks.

4 Which of the following BEST describes business impact?
A. The effect on an organisation of a vulnerability being exploited.
B. The probability of a vulnerability being exploited against an organisation.
C. The effect on an organisation of the controls being adopted.
D. The number of vulnerabilities exploited in a given period.

5 Writing a security policy is important because
A. The ISO/IEC 27000 series requires it as part of its set of security documentation.
B. The organisation's Board of Directors knows the issues.
C. It sets out the organisation's formal stance on security for staff and contractors to see.
D. It ensures the security officer knows what they should be doing.

6 What is the name of the scheme that aims to ensure US companies abide by the European Union legislation on the privacy of personal data?
A. Safe Harbor.
B. Madrid Protocol.
C. Wassenaar Agreement.
D. WIPRO.

7 Information which can be proved true through observation, documents, records, or personal interview is called
A. Objective evidence.
B. Corrective action.
C. A non-conformity.
D. An opportunity for improvement.

8 The MOST common cause of many internal security incidents is
A. Poor recruitment processes.
B. Lack of security operating procedures.
C. Inadequate network protection measures.
D. Lack of awareness on the part of staff.

9 An example of a control which helps to protect against unintentional disclosure of information is
A. Regular incremental and full backups.
B. A formal disciplinary process.
C. Classification labelling of information.
D. Independent review of information security.

10 Useful additions to a security training programme for all staff members are
A. Links to vendor agnostic websites specific to information security.
B. White papers written by subject matter experts in information security.
C. Vendor brochures specific to information security.
D. Copies of textbooks specific to information security.

11 Computer viruses are
A. Only a problem with internet connected systems.
B. Potentially very serious.
C. A nuisance.
D. Easily detectable.

12 With respect to security, a third party connection contract should specify
A. All the agreed security requirements of each party.
B. Total compliance with ISO/IEC 27000 series.
C. ISO/IEC 27000 series certification.
D. A common security policy.

13 Non repudiation
A. Protects against the disclosure of information to unauthorised users.
B. Protects against a person denying later that a communication or transaction took place.
C. Assures that a person or system is who or what they claim to be.
D. Protects against unauthorised changes in data whether intentional or accidental.

14 Computer terminals in a stock, shares and bonds dealing room are set up to allow quick acceptance of trades. Which of the following would be the MOST sensible safeguard to limit loss through errors?
A. Thorough staff training in the need to be careful.
B. Separate authorisation of all trades.
C. Confirmation of all trades before committing.
D. Confirmation of trades which are over a set value.

15 Penetration testing is used primarily
A. By hackers.
B. To test physical security.
C. By computer operators.
D. By security specialists.

16 A trapdoor is
A. A structured programming technique.
B. A generally unknown exit out of or entry into a program.
C. A network programming technique.
D. A programming technique used in real-time systems.

17 What physical control system should be considered to prevent unauthorised access, damage and interference to IT services?
A. Closed Circuit TV cameras and alarm systems.
B. Defined security procedures.
C. A gate access control system requiring a security token.
D. A physical security policy.

18 An example of a record of Information Security Management System operation is
A. A clear desk policy.
B. A formal disciplinary process.
C. Business continuity plan test results.
D. The procedure for technical conformity checking.

19 Which of the following is a hashing algorithm used for?
A. Calculating random numbers.
B. Encrypting emails.
C. Mixing up user names.
D. Creating passwords.

20 When setting up a contract with a supplier for hosting cloud services, which of the following safeguards is most important?
1) The ability to recover all information from the cloud if the contract is terminated.
2) The confidentiality and integrity of downloading information from the cloud.
3) The make of hardware used by the hosting supplier.
4) The service level requirement for availability of the information.
A. 1, 2 and 4 only.
B. 2 and 3 only.
C. 1 and 4 only.
D. 1, 3 and 4 only.

-End of Paper-