ISO 27000 Information Security Management Systems Foundation

ISO 27000 Information Security Management Systems Foundation Professional Certifications Sample Questions

Sample Questions

1. ____ is one of the industry standards/best practices in Service Management and Quality Management systems.
A. ITIL
B. Six Sigma
C. CobiT
D. All of the above

2. In an access control policy, it is recommended to avoid:
A. Everything is generally permitted unless expressly forbidden
B. Everything is generally forbidden unless expressly permitted
C. Usage of standard user access profiles for common job roles in the organization
D. A process for the removal of access rights

3. Which of the following elements should be considered when confidentiality agreements with employees are signed?
A. Responsibilities regarding hardware and software installation and maintenance
B. The permitted use of confidential information and the rights of the signatory to use information
C. The establishment of an escalation process for problem resolution
D. All of the above

4. The process approach for information security management encourages its users to emphasize the implementation of:
A. Monitoring and reviewing the performance of implemented controls
B. Implementing and operating controls to manage an organization's information security risks in the context of the organization's overall business risks
C. Continual improvement based on incident experience

5. In order to define the detailed scope and boundaries of the Information Security Management System (ISMS), the following are necessary:
a) Define the organizational scope and boundaries
b) Define the Information and Communication Technology (ICT) scope and boundaries
c) Define the physical scope and boundaries
Given that the ISMS management forum should consist of managers directly involved in the scope of the ISMS, which of these should that consideration best take into account?
A. Organizational scope and boundaries
B. ICT scope and boundaries
C. Physical scope and boundaries

6. During the audit there should be frequent exchange of information among members of the audit team in order to:
A. Ensure that all of the audit objectives are met.
B. Ensure that as many nonconformities as possible are found.
C. Both (A) and (B)

7. As a Human Resources manager, you have to hire new personnel for a job that involves handling highly confidential information. Which of the following verification checks are you going to implement?
A. Availability of satisfactory character references and a check of the curriculum vitae
B. Credit checks, checks of criminal records and an independent identity check
C. The above, plus further, more detailed checks
D. Appropriate checks described in relevant procedures that define criteria and limitations (e.g. regulations, laws, ethics)

8. Which of the following is NOT malicious code?
A. Logic bombs
B. Hash
C. Viruses and worms

9. According to ISO/IEC 27001 requirements, security requirements should be identified and agreed prior to the development and/or implementation of an information system. The main control objective is to:
A. Ensure that security is an integral part of information systems
B. Prevent errors, loss, unauthorized modification or misuse of information in applications
C. Ensure the security of system files
D. Maintain the security of application system software and information

10. The term "information security incident" refers to a(n):
A. Identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of controls, or a previously unknown situation that may be security relevant
B. Single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security
C. Potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization
D. All of the above

ANSWER KEY for SAMPLE Questions
1 D
2 A
3 B
4 B
5 A
6 A
7 D
8 B
9 A
10 B
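Question 2 turns on the difference between a "permitted unless expressly forbidden" policy (a denylist) and a "forbidden unless expressly permitted" policy (an allowlist built from standard role profiles, option C, with a removal process, option D). The following Python is an added illustration, not part of the exam material or of any ISO text; the role names, resources, actions and users are constructed for this example. It shows the failure mode the exam wants you to recognize: a resource nobody thought to list is open to everyone under default-permit and closed to everyone under default-deny, and revoking a role only takes effect under the allowlist model.

```python
"""Default-permit vs default-deny access control (added example, constructed data)."""
from dataclasses import dataclass, field

# Standard access profiles for common job roles (question 2, option C).
# Constructed sample data: role -> set of (resource, action) pairs the role may perform.
STANDARD_PROFILES = {
    "accounts_payable": {("invoices", "read"), ("invoices", "approve")},
    "helpdesk": {("tickets", "read"), ("tickets", "write"), ("users", "reset_password")},
}

# The denylist a "permitted unless expressly forbidden" policy relies on.
# Constructed sample data; note it only names what someone remembered to forbid.
DENYLIST = {("payroll", "read"), ("payroll", "write")}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def permitted_unless_forbidden(user: User, resource: str, action: str) -> bool:
    """Default-permit (the stance question 2 says to avoid).

    Anything absent from DENYLIST is allowed, regardless of who asks, so a newly
    deployed system or undocumented API is reachable by every user until someone
    notices and adds it to the list.
    """
    return (resource, action) not in DENYLIST


def forbidden_unless_permitted(user: User, resource: str, action: str) -> bool:
    """Default-deny: allowed only if one of the user's standard profiles grants it.

    Unknown resources, unknown actions and users with no roles all fall through
    to False; nothing has to be enumerated to be protected.
    """
    granted = set().union(*(STANDARD_PROFILES.get(role, set()) for role in user.roles))
    return (resource, action) in granted


def revoke_role(user: User, role: str) -> None:
    """Leaver/mover step (question 2, option D): remove a role from a user.

    Under default-deny the access disappears with the role; under default-permit
    the denylist never knew about the role, so nothing changes.
    """
    user.roles.discard(role)


def compare(user: User, resource: str, action: str) -> dict:
    """Evaluate one request under both policy stances."""
    return {
        "default_permit": permitted_unless_forbidden(user, resource, action),
        "default_deny": forbidden_unless_permitted(user, resource, action),
    }


if __name__ == "__main__":
    alice = User("alice", {"helpdesk"})  # constructed user
    for req in [("tickets", "write"), ("new_hr_system", "export"), ("payroll", "read")]:
        print(req, compare(alice, *req))
    revoke_role(alice, "helpdesk")
    print("after revoke:", compare(alice, "tickets", "write"))
```

The request for ("new_hr_system", "export") is the one to watch: the denylist was written before that system existed, so the default-permit policy waves it through, while the allowlist denies it because no standard profile grants it.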