
ISFS Online Practice Questions and Answers

Questions 4

You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?

A. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks)

B. Appoint security personnel

C. Encrypt the hard drives of laptops and USB sticks

D. Set up an access control policy

Questions 5

You work for a large organization. You notice that you have access to confidential information that you should not be able to access in your position. You report this security incident to the helpdesk. The incident cycle is initiated. What are the stages of the security incident cycle?

A. Threat, Damage, Incident, Recovery

B. Threat, Damage, Recovery, Incident

C. Threat, Incident, Damage, Recovery

D. Threat, Recovery, Incident, Damage

Questions 6

We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?

A. Availability, Information Value and Confidentiality

B. Availability, Integrity and Confidentiality

C. Availability, Integrity and Completeness

D. Timeliness, Accuracy and Completeness

Questions 7

In most organizations, access to the computer or the network is granted only after the user has entered a correct username and password. This process consists of 3 steps: identification, authentication and authorization. What is the purpose of the second step, authentication?

A. In the second step, you make your identity known, which means you are given access to the system.

B. The authentication step checks the username against a list of users who have access to the system.

C. The system determines whether access may be granted by determining whether the token used is authentic.

D. During the authentication step, the system gives you the rights that you need, such as being able to read the data in the system.

Questions 8

Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?

A. Lightning strike

B. Arson

C. Flood

D. Loss of a USB stick

Questions 9

What is the most important reason for applying segregation of duties?

A. Segregation of duties makes it clear who is responsible for what.

B. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.

C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.

D. Segregation of duties makes it easier for a person who is ready with his or her part of the work to take time off or to take over the work of another person.

Questions 10

What is the relationship between data and information?

A. Data is structured information.

B. Information is the meaning and value assigned to a collection of data.

Questions 11

What is a repressive measure in the case of a fire?

A. Taking out fire insurance

B. Putting out a fire after it has been detected by a fire detector

C. Repairing damage caused by the fire

Questions 12

What is an example of a good physical security measure?

A. All employees and visitors carry an access pass.

B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

Questions 13

Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?

A. ISO/IEC 27001:2005

B. Intellectual Property Rights

C. ISO/IEC 27002:2005

D. Personal data protection legislation

Exam Code: ISFS
Exam Name: Information Security Foundation based on ISO/IEC 27002
Last Update: Apr 29, 2024
Questions: 80 Q&As
