The MOST common cause of many internal security incidents in organization is:

Lack of awareness on the part of staff

Lack of security operating procedures

Inadequate network protection measures

An example of a control which helps to protect against Unintentional Disclosure of information is

Classification labelling of information

Regular incremental and full backups

Independent review of information security

What do you need to get strongly authenticated on a logical access control system?

A password and your finger, for instance

A strong password compliant with NIST’s recommendations

Something biometric, no matter what

A passphrase in more than 22 characters

Good Information Security Objective should be:

Specific, Measurable, Achievable, Relevant, and Time-Bound

Special, Measurable, Achievable, Relevant, and Time-Bound

Specific, Material, Achievable, Risk Based, and Time-Bound

Specific, Measurable, Achievable, Risk Based, and Time-Bound

How does ISO/IEC 27000 define an ‘ASSET’?

Anything that is of value to the organization

A physical item within the organization

Digital and physical items owned by an organization

Tangible and non-tangible items owned or rented by an organization

When should organizations perform an information security risk assessments?

At planned intervals or when significant changes are proposed to occur

Every 6 months, or when significant changes are proposed to occur

Every 12 months or when significant changes are proposed to occur

Employee working under the organization's control shall be aware of:

The information security policy

Their contribution to the effectiveness of the information security system

Implications of not confirming with the ISMS requirements

Review external & internal issues, relevant to Org. purpose & affect ability to achieve intended outcome of its ISMS is:

Understanding the organization & its context

Formation of Information Security Policy

Risk Treatment by Control Implementation

_______ ensure Information Security Policy & objectives are established & compatible with the strategic direction

Chief Information Security Officer

When planning how to achieve its information security objectives, the organization shall determine following:

What will be done and How will be done?

Who will be responsible & when it will be completed

What resources will be required

Organization shall determine the need for internal & external communications relevant to the ISMS including EXCEPT:

Communication shall always be in Written Format

What to communicate & when to communicate

With whom to communicate & who shall communicate

Formal Processes by which communication shall be effected

Documentation related to implementation of ISMS can differ from one organization to another due to:

Size of Org., type of activities, processes, products & services

The complexity of processes and their interactions

Org. shall conduct internal audits at planned intervals to provide information on whether ISMS confirms EXCEPT:

New people trained for future cycles

Organization’s own requirements for its ISMS

Requirements of this International Standard

Effectively implemented and maintained

Top management shall review the organization’s information security management system at planned intervals to ensure:

Continuing suitability, adequacy and effectiveness

Status of actions from previous management reviews

Changes in external and internal issues that are relevant to the ISMS

Background verification before employment shall be carried out in accordance with relevant laws, regulations & ethics is fall under

Physical and environmental security

This control ensure that information security is designed & implemented within the development lifecycle of information system

System acquisition, development and maintenance

Information security incident management

ISO27001 Quiz

35 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

10 sec • 5 pts

ISO 27001 is the main standard in the ISO 27K family, it mainly defines what is needed, but does not specify how:

TRUE

FALSE

2.

MULTIPLE CHOICE QUESTION

20 sec • 5 pts

Solutions that enable resilience and redundancy of your systems and planned based on your risk assessment, will support:

Confidentiality

Integrity

Availability

All of the above

3.

MULTIPLE CHOICE QUESTION

20 sec • 5 pts

It monitor systems in order to recognize unusual activities and if needed, to activate the appropriate incident response

Security Incident Management

Physical Security Perimeter

Communications Security Management

Information Transfer Security

4.

MULTIPLE CHOICE QUESTION

20 sec • 5 pts

Delete data when no longer required, in order to avoid leakage & to enable compliance with privacy requirements is

Capacity management

Information backup

Event logging

Secure disposal or reuse of equipment

5.

MULTIPLE CHOICE QUESTION

10 sec • 5 pts

Following are mandatory requirement of ISMS EXCEPT:

Scope of ISMS

Information Security Policy

Security Objectives for Non-Conformance

Statement of Applicability

6.

MULTIPLE CHOICE QUESTION

10 sec • 5 pts

The adoption of an information security management system is a strategic decision for an organization.

TRUE

FALSE

7.

MULTIPLE CHOICE QUESTION

10 sec • 5 pts

Information security management system preserves all EXCEPT:

Confidentiality

Integrity

Authenticity

Availability

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

30 questions

QUIZ 1 - HTML & Javascript

Quiz

•

University

30 questions

Machine Learning Fundamentals Unit - 1

Quiz

•

University

40 questions

FE-Practice # 1

Quiz

•

12th Grade - University

40 questions

IOT_SARS

Quiz

•

University

30 questions

แบบทดสอบเรื่อง การใช้ AI เพื่อการศึกษา 30 ข้อ 15 คะแนน

Quiz

•

6th Grade - University

39 questions

Karel Programming

Quiz

•

10th Grade - University

30 questions

Komputer Jaringan Dasar

Quiz

•

1st Grade - Professio...

30 questions

Redes VLan y Enrutamiento Inter-Vlan

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

KG

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Computers

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

7 questions

Fragments, Run-ons, and Complete Sentences

Interactive video

•

4th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

10 questions

DNA Structure and Replication: Crash Course Biology

Interactive video

•

11th Grade - University

5 questions

Inherited and Acquired Traits of Animals

Interactive video

•

4th Grade - University

5 questions

Examining Theme

Interactive video

•

4th Grade - University

20 questions

Implicit vs. Explicit

Quiz

•

6th Grade - University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University

ISO27001

ISO 27001 is the main standard in the ISO 27K family, it mainly defines what is needed, but does not specify how:

Solutions that enable resilience and redundancy of your systems and planned based on your risk assessment, will support:

It monitor systems in order to recognize unusual activities and if needed, to activate the appropriate incident response

Delete data when no longer required, in order to avoid leakage & to enable compliance with privacy requirements is

Following are mandatory requirement of ISMS EXCEPT:

The adoption of an information security management system is a strategic decision for an organization.

Information security management system preserves all EXCEPT:

The MOST common cause of many internal security incidents in organization is:

An example of a control which helps to protect against Unintentional Disclosure of information is

Risk remaining after the treatment of risk is known as:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers