Information Security Program Fundamentals, Exams of Nursing

An overview of the core principles and key elements of an effective information security program. It covers topics such as the alignment of security goals with organizational objectives, the fundamental security triad (confidentiality, integrity, and availability), the importance of senior management support, the role of threat and vulnerability assessments, personnel security practices, security architecture and governance, risk management strategies, security controls and countermeasures, cryptography concepts, access control mechanisms, and security program implementation and measurement. The document aims to equip readers with a comprehensive understanding of the foundational aspects of information security management, which is crucial for organizations to protect their critical information assets and maintain business continuity in the face of evolving cyber threats.

Typology: Exams

2024/2025

Available from 10/02/2024

Allivia
CISM Questions and Answers (latest Update 2024)

The foundation of an information security program is: - Correct Answer ✅ Alignment with the goals and objectives of the organization
The core principles of an information security program are: - Correct Answer ✅ Confidentiality, Integrity and Availability
The key factor in a successful information security program is: - Correct Answer ✅ Senior Management support
A threat can be described as: - Correct Answer ✅ Any event or action that could cause harm to the organization
True/False: Threats can be either intentional or accidental - Correct Answer ✅ True
Personnel Security requires trained personnel to manage systems and networks. When does personnel security begin? - Correct Answer ✅ Through pre-employment checks
Download Information Security Program Fundamentals and more Exams Nursing in PDF only on Docsity!

Who plays the most important role in information security? - Correct Answer ✅ Upper management
The advantage of an IPS (intrusion prevention system) over an IDS (intrusion detection system) is that: - Correct Answer ✅ The IPS can block suspicious activity in real time
True/False: Physical security is an important part of an Information Security program - Correct Answer ✅ True
The Sherwood Applied Business Security Architecture (SABSA) is primarily concerned with: - Correct Answer ✅ An enterprise-wide approach to security architecture
A centralized approach to security has the primary advantage of: - Correct Answer ✅ Uniform enforcement of security policies
The greatest advantage of a decentralized approach to security is: - Correct Answer ✅ More adjustable to local laws and requirements

What is a primary method for justifying investments in information security? - Correct Answer ✅ Development of a business case
Relationships with third parties may: - Correct Answer ✅ Require the organization to comply with the security standards of the third party
True or False? The organization does not have to worry about the impact of third party relationships on the security program - Correct Answer ✅ False
The role of an Information Systems Security Steering Committee is to: - Correct Answer ✅ Provide feedback from all areas of the organization
The most effective tool a security department has is: - Correct Answer ✅ A security awareness program

The role of Audit in relation to Information Security is: - Correct Answer ✅ To validate the effectiveness of the security program against established metrics
Who should be responsible for development of a risk management strategy? - Correct Answer ✅ The Security Manager
The security requirements of each member of the organization should be documented in: - Correct Answer ✅ Their job descriptions
What could be the greatest challenge to implementing a new security strategy? - Correct Answer ✅ Obtaining buy-in from employees
A disgruntled former employee is a: - Correct Answer ✅ Threat
A bug or software flaw is a: - Correct Answer ✅ Vulnerability

The main purpose of information classification is to: - Correct Answer ✅ Ensure the effective, appropriate protection of information
The value of information is based in part on: - Correct Answer ✅ The fines imposed by regulators in the event of a breach
The definition of an information security baseline is: - Correct Answer ✅ The minimum level of security mandated in the organization
The use of a baseline can help the organization to: - Correct Answer ✅ Compare the current state of security with the desired state
The purpose of a Business Impact Analysis (BIA) is to: - Correct Answer ✅ Estimate the potential impact on the business in case of a system failure

The ultimate goal of BIA is to: - Correct Answer ✅ Determine the priorities for recovery of business processes and systems
New controls should be implemented as a part of the risk mitigation strategy: - Correct Answer ✅ In areas where the cost of the control is justified by the benefit obtained
An example of risk transference as a risk mitigation option is: - Correct Answer ✅ The purchase of insurance to cover some of the losses associated with an incident
The purpose of a life cycle (as used in the Systems Development Life Cycle (SDLC)) is to: - Correct Answer ✅ Assist in the management of a complex project by breaking it into individual steps
At which stage of a project should risk management be performed? - Correct Answer ✅ At each stage starting at project initiation

Symmetric encryption is a: - Correct Answer ✅ Two-way encryption process
A primary reason for the development of public key cryptography was to: - Correct Answer ✅ Address the key distribution problems of asymmetric encryption
What is the length of a digest created by a hash function? - Correct Answer ✅ A hash function creates a fixed length hash regardless of input message length
A hash is often used for: - Correct Answer ✅ Password based authentication
The entity requesting access in an access control system is often known as: - Correct Answer ✅ The subject
Access control is a means to: - Correct Answer ✅ Permit authorized persons appropriate levels of access

A surveillance camera is an access control based on: - Correct Answer ✅ Physical controls
Anti-virus systems should be deployed on: - Correct Answer ✅ Gateways and individual desktops
The use of a policy compliant system may enable an organization to: - Correct Answer ✅ Enforce policies at a desktop level
An information classification policy is what form of control? - Correct Answer ✅ Administrative controls
Which of the following is a one-way function? - Correct Answer ✅ Hashing
True/False: A Disaster Recovery Plan is a part of an Information Security Framework - Correct Answer ✅ True

The implementation of a security program requires: - Correct Answer ✅ A person that takes ownership of each activity
The manipulation of staff to perform unauthorized actions is known as: - Correct Answer ✅ Social engineering
Audit is a form of: - Correct Answer ✅ Business assurance
When an organization undertakes a program to outsource the IT function, what must it do as part of the outsourcing program? - Correct Answer ✅ Ensure that security requirements are addressed in any contracts
What is the best way to understand business priorities? - Correct Answer ✅ Interviews with senior management
In case the implementation of an IT project fails, what is the next step? - Correct Answer ✅ Roll back the implementation if possible

A gap analysis can be used to: - Correct Answer ✅ Determine the disparity between current and desired state
Every policy should be backed up through the use of: - Correct Answer ✅ Procedures, standards and baselines
The testing and evaluation of the security of a system made in support of the decision to implement the system is known as: - Correct Answer ✅ Certification
Ensuring that a system is not implemented until it has been formally approved by a senior manager is part of: - Correct Answer ✅ Accreditation
Teaching staff how to use a new security tool is known as: - Correct Answer ✅ Training
To ensure the quality and adherence to standards for a modification to a system, the organization enforces: - Correct Answer ✅ Change control

Metrics to evaluate the effectiveness of system controls may be based on: - Correct Answer ✅ Key performance indicators (KPIs)
The three authentication factors are: - Correct Answer ✅ Knowledge, ownership, biometric
Sensitive information about a person is called: - Correct Answer ✅ PII
Remote access poses the risk that: - Correct Answer ✅ Unauthorized users may use remote access systems to gain access
A Virtual Private Network (VPN) is used to: - Correct Answer ✅ Create a secure tunnel to allow transmission of sensitive data over an insecure network
A security risk associated with disposal of any storage device is: - Correct Answer ✅ The removal of sensitive information
When an outsourcing contract expires the organization must: - Correct Answer ✅ Ensure all data is removed or destroyed by the outsource service provider