Risk Transfer
"A form of risk treatment involving the agreed distribution of risk with other parties".
Here we have the concept of transferring an element of the risk to another party. Risks
can be shared amongst multiple parties and the most common implementation of this is
insurance.
We could carry out risk transfer by employing a third party to carry out certain activities
for us, so we have shifted responsibility to that third party.
Governance
Governance is about how the business is run and about protecting the assets of the organisation; it is the responsibility of the board of directors and senior management. It covers how the organisation is managed, and the oversight and accountability required to demonstrate active involvement by management.
The common goal of governance is to maintain business processes while striving
towards growth and resilience.
Corporate Governance
Corporate governance is the way in which companies are governed and to what purpose. This covers the process of interactions and the regulations that must be adhered to.
IT Governance
A subset of corporate governance, IT governance is focused on the processes that
ensure the effective and efficient use of IT resources in enabling the organisation to
achieve its goals.
Information Governance
This covers the policies, procedures, controls, and processes that an organisation uses
to manage information in a consistent manner.
Security Governance
Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organisation. It links to information, IT, and corporate governance by supporting the organisation's needs in relation to regulatory, risk, and operational environments.
Assurance
We normally see this in the context of Information Assurance, which is defined as the "practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes".
Information Security
Information security is all about protecting information and information systems from
unauthorised access, use, disclosure, disruption, modification, perusal, inspection,
recording or destruction.
Cyber Security
Cyber security is frequently interpreted as being the same as information security but in
reality, there is a subtle difference. Cyber security is more about the technology used to
secure systems and products rather than governance.
The Security Triangle
At the top we have security. At the other two points we have functionality and ease of use, all key elements when using a computer system.
The ball should be in the centre of the triangle equally spaced from the three points. If
the red ball moves towards any of the points it does so at the expense of the other two
points.
The CIA Triad
Confidentiality, Integrity, Availability
The CIA triad as it is known has been the staple of security for many years but as
security has evolved, we now add two additional concepts - non-repudiation and
authenticity.
Integrity
This is about protecting the accuracy of the information such that it can be relied upon.
A definition from ISO 27001: "The property of accuracy and completeness."
Integrity ensures that data or information can be trusted and has not been modified in an unauthorised manner. With integrity we seek the following: