What is the most important reason for applying the segregation of duties?
- A . Segregation of duties makes it clear who is responsible for what.
- B . Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
- C . Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
- D . Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.
Why is compliance important for the reliability of the information?
- A . Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
- B . By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
- C . When an organization employs a standard such as the ISO/IEC 27002 and uses it everywhere, it is compliant and therefore it guarantees the reliability of its information.
- D . When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
What is the best way to comply with legislation and regulations for personal data protection?
- A . Performing a threat analysis
- B . Maintaining an incident register
- C . Performing a vulnerability analysis
- D . Appointing the responsibility to someone
What is an example of a non-human threat to the physical environment?
- A . Fraudulent transaction
- B . Corrupted file
- C . Storm
- D . Virus
Who is accountable to classify information assets?
- A . the CEO
- B . the CISO
- C . the Information Security Team
- D . the asset owner
A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the same access as the passes of the company’s staff .
Which kind of security measure could have prevented this?
- A . physical security measure
- B . An organizational security measure
- C . A technical security measure
ISO 27002 provides guidance in the following area
- A . PCI environment scoping
- B . Information handling recommendations
- C . Framework for an overall security and compliance program
- D . Detailed lists of required policies and procedures
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
- A . ISO/IEC 27001:2005
- B . Intellectual Property Rights
- C . ISO/IEC 27002:2005
- D . Personal data protection legislation
Which of these reliability aspects is "completeness" a part of?
- A . Availability
- B . Exclusivity
- C . Integrity
- D . Confidentiality
Which of the following measures is a preventive measure?
- A . Installing a logging system that enables changes in a system to be recognized
- B . Shutting down all internet traffic after a hacker has gained access to the company systems
- C . Putting sensitive information in a safe
- D . Classifying a risk as acceptable because the cost of addressing the threat is higher than the value of the information at risk