Topic 1 - Information Security Management Principles - Test
How should a risk be handled when the cost of the countermeasures outweighs the cost of the risk?
Accept the risk
What describes non-repudiation?
A means of proving that a transaction occurred.
How should the implementation of an Information Assurance system be seen within an organisation?
As a whole organisation issue
When a user logs onto a computer system and is asked for their mother's maiden name, which of the following aspects is the system ensuring?
Authentication
What is not needed for Accountability?
Authorisation
Making sure that the data is accessible when and where it is needed is which of the following?
Availability
What is Risk Management used to do?
Balance the cost and impact of security with the reduction of risk.
What does security documentation normally not include?
Employee Terms and Conditions
What is not an option when managing risk?
Ignore
You have received an important document and you want to check whether the data is correct. Which characteristic of reliability of information are you checking?
Integrity
Most computer attacks result in violation of which of the following security properties?
Integrity, Availability, Confidentiality
Risk is commonly expressed as a function of the ......
Likelihood that the harm will occur and its potential impact
What is not considered to be one of the three tenets of information security?
Privacy
What is not related to integrity?
Privacy
What does an ISMS not provide?
Risk elimination
You have been tasked with implementing a number of security controls, including anti-virus and anti-spam software, to protect the company's e-mail system. What type of approach is the company taking to handle the risk posed by the e-mail system?
Risk reduction
Why must senior management endorse a security policy?
So that they will accept ownership for security within the organization.
My organisation has a comprehensive Information Assurance policy. What other security documentation should exist?
Supported by standards, guidelines and procedures available to all staff
What factor do you not need to consider pertaining to Information Security?
The difficulty of implementing security controls
What is authorisation?
The granting of specific rights, such as selective access, to a person.
Information security must follow which of the following approaches?
Top-down from the top of the organisation
Which of the following methods for handling a risk involves a third party?
Transfer Risk