ISDS 3070 Quiz 1
The Zachman Architecture Framework is often used to set up an enterprise security architecture. Which of the following does NOT correctly describe the Zachman Framework?
A security-oriented model that gives instruction in a modular fashion
Vulnerability
A weakness in a system that allows a threat source to compromise its security
Data Controller
Any organization that collects data on EU residents
Data Processor
Any organization that processes data for a data controller
Threat
Any potential danger that is associated with the exploitation of a vulnerability
Bob has some data that is extremely valuable. He backs it up from his computer to a flash stick, and he puts the flash stick in a safe deposit box. Which two principles of the CIA triad does this address?
Backup - Availability; Safe Deposit Box - Confidentiality
If you are a business that provides financial services, publishes quarterly reports to the Securities and Exchange Commission, and wants to ensure you have the necessary controls to ensure your IT department is meeting all required security controls, you should follow:
COBIT-5
Alice is the security manager of a company that makes most of its revenue from its intellectual property. Alice has implemented a process improvement program that has been certified by an outside entity. Her company received a Level 2 during an appraisal process, and she is putting in steps to increase this to a Level 3. Which of the below answers is the criteria Alice's company was most likely certified under?
Capability Maturity Model Integration
Compensating
Controls that provide an alternative measure of control
Match the control to the appropriate control type. Image of a Computer
Corrective
Match the control to the appropriate control type. Motion Detector
Detective
Match the control to the appropriate control type. Guard Dog
Deterrent
Availability
Ensures access to data is timely and data is reliable
Corrective
Fixes components or systems after an incident has occurred
Detective
Helps identify an incident's activities and potentially an intruder
Which of the following best describes ISO 27001 and BS 7799?
ISO 27001 is the internationally recognized Information Security Management Standard that provides high-level, conceptual recommendations on enterprise security. It was derived from BS 7799.
If you are an organization and your primary objective is to ensure your IT Department is properly meeting the needs of the different units within the organization, the best standard for you to follow would be:
ITIL
Preventive
Intended to avoid an incident from occurring
Recovery
Intended to bring the environment back to regular operations
Threats can come in many forms and every company should place high importance on identifying all of its potential threats. Which of the answers below is an accurate example of a potential threat?
Intentional loss of data due to a disgruntled employee; unintentional loss of data due to an employee mistake; unintentional loss of data due to a computer malfunction
If you are a government contractor providing IT services to the U.S. military, you should use the following Security Control Framework:
NIST SP 800-53
Which organization has been developed to deal with economic, social, and governance issues and with how sensitive data is transported over borders?
Organization for Economic Co-Operation and Development
Match the control to the appropriate control type. Bollard
Preventive
Match the control to the appropriate control type. Encryption
Preventive
Confidentiality
Prevents unauthorized disclosures of data
Integrity
Prevents unauthorized modification of data
Which of the following is the effect of job rotation on organizational security?
Privileged personnel involved in violations of security policy cannot be certain that they can always avoid detection
Match the control to the appropriate control type. Backup Tapes
Recovery
The Organization for Economic Cooperation and Development (OECD) has generated and published a set of 8 privacy principles. Which of the following is NOT one of these 8 principles?
Right to be Forgotten Principle
The Sherwood Applied Business Security Architecture (SABSA) Framework is often used to set up an enterprise security architecture. Which of the following correctly describes the SABSA Framework?
Serves as both a framework and methodology
This Enterprise Architecture Framework provides an approach to design, implementation, and governance for an enterprise information architecture that allows the IT architecture to understand the enterprise from four different architectures: business, data, application, and technology
TOGAF
The integrity of data is not related to which of the following?
The extraction of data to share with unauthorized entities
Data Subject
The individual to whom the data pertains
Risk
The likelihood of a threat source exploiting a vulnerability and the corresponding business impact
A social engineer, a hacker, a shoulder surfer, and even an employee making an unintentional mistake that could expose confidential information are all types of what?
Threat agents