ISO 27002 provides guidance in the following areaA . PCI environment scopingB . Information handling recommendationsC . Framework for an overall security and compliance programD . Detailed lists of required policies and procedures View Answer Answer: C...
What is the best way to comply with legislation and regulations for personal data protection?
What is the best way to comply with legislation and regulations for personal data protection?A . Performing a threat analysisB . Maintaining an incident registerC . Performing a vulnerability analysisD . Appointing the responsibility to someone View Answer Answer: D...
What is the most important reason for applying the segregation of duties?
What is the most important reason for applying the segregation of duties?A . Segregation of duties makes it clear who is responsible for what.B . Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.C . Tasks and responsibilities must be separated...
Which kind of security measure could have prevented this?
A company moves into a new building. A few weeks after the move, a visitor appears unannounced in the office of the director. An investigation shows that visitors passes grant the same access as the passes of the company’s staff . Which kind of security measure could have prevented this?A . physical security measureB...
Why is compliance important for the reliability of the information?
Why is compliance important for the reliability of the information?A . Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.B . By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that...
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?A . ISO/IEC 27001:2005B . Intellectual Property RightsC . ISO/IEC 27002:2005D . Personal data protection legislation View Answer Answer: D...
Which of the following measures is a preventive measure?
Which of the following measures is a preventive measure?A . Installing a logging system that enables changes in a system to be recognizedB . Shutting down all internet traffic after a hacker has gained access to the company systemsC . Putting sensitive information in a safeD . Classifying a risk as acceptable because the...
Who is accountable to classify information assets?
Who is accountable to classify information assets?A . the CEOB . the CISOC . the Information Security TeamD . the asset owner View Answer Answer: D...
What is an example of a non-human threat to the physical environment?
What is an example of a non-human threat to the physical environment?A . Fraudulent transactionB . Corrupted fileC . StormD . Virus View Answer Answer: C...
Which of these reliability aspects is "completeness" a part of?
Which of these reliability aspects is "completeness" a part of?A . AvailabilityB . ExclusivityC . IntegrityD . Confidentiality View Answer Answer: C...