PRINCIPLES OF INFORMATION SECURITY EXAM QUESTIONS AND ANSWERS
1. List and describe the factors that are likely to shift in an organization's
information security environment.
answer >>>
- The acquisitions of new assets and the divestiture of old assets
- The emergence of vulnerabilities associated with new or existing assets
- Shifting business priorities
- The formation of new partnerships
- The dissolution of old partnerships
- The departure of personnel who are trained, educated, and aware of policies,
procedures, and technologies
- The hiring of personnel
2. Who decides if the information security program can adapt to change
adequately?
answer >>> The CISO
3. List and briefly describe the five domains of the general security maintenance
model, as identified in the text.
answer >>>
> External monitoring: The component of the maintenance model that focuses on
evaluating external threats to the organization's information assets.
> Internal monitoring: The component of the maintenance model that focuses on
identifying, assessing, and managing the configuration and status of information
assets in an organization.
> Planning and risk assessment: The component of the maintenance model that
focuses on identifying and planning ongoing information security activities and
identifying and managing risks introduced through IT information security
projects.
> Vulnerability assessment and remediation: The component of the maintenance
model focused on identifying specific, documented vulnerabilities and
remediating them in a timely fashion.
> Readiness and review: Keep InfoSec program functioning as designed and
improve it continuously over time via policy review, program review, and
rehearsals.
4. What are the three primary aspects of information security risk management?
Why is each important?
answer >>>
> Threats: "Threats may occur by means of physical attacks or by means of
programs that harm the legitimate programs, critical data. These threats will
lead to down the network and cause heavy loss to the organization."
> Assets: "Assets are the resources of the company that will be in physical or
non-physical forms. The assets will have economic value and are resources that
generate revenue to the organization."
> Vulnerabilities: "The deficits or loopholes in the system that allow a third
person, who can cause damage to the system."
5. What is a management maintenance model? What does it accomplish?
answer >>>
> Management models are frameworks that structure the tasks of managing
a particular set of activities or business functions.