הכנה למבחן בניהול אבטחת מידע
- 131 שאלות
- 20 תגובות
- 0% הושלמו
- equalizer סטטיסטיקות
- share שתף
Discuss, Learn and be Happy דיון בשאלות
help
brightness_4
brightness_7
format_textdirection_r_to_l
format_textdirection_l_to_r
In an accounting department, several people are required to complete a financial process. This is most likely an example of
1
| mood | ||
No single employee has control of a transaction from beginning
to end; two or more people should be responsible for performing it.
מיין לפי
Risk Management is commonly understood as all of the following EXCEPT
1
| done |
The processes of identifying, analyzing, and assessing, mitigating,
or transferring risk is generally characterized as risk management.
מיין לפי
The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as
1
| done | ||
This factor represents a measure of the magnitude of loss or
impact on the value of an asset. It is expressed as a percent, ranging from
0% to 100%, of asset value loss arising from a threat event. This factor is
used in the calculation of single loss expectancy (SLE).
מיין לפי
The absence of a fire-suppression system would be best characterized as a(n)
1
מיין לפי
Risk Assessment includes all of the following EXCEPT
1
| done | ||
Fundamental applications of risk assessment to be addressed
include (1) determining the current status of information security in the target environment(s) and ensuring that associated risk is managed
(accepted, mitigated, or transferred) according to policy, and (2) assessing
risk strategically.
מיין לפי
A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?
1
| done | ||
The best automated tools currently available include a wellresearched
threat population and associated statistics. Using one of these
tools virtually assures that no relevant threat is overlooked.
מיין לפי
Data classification can assist an organization in
1
Who “owns” an organization’s data?
1
| done |
The business units, not IT (information technology), own the data. Decisions regarding who has what access, what classification the
data should be assigned, etc., are decisions that rest solely with the business data owner and based on organization policy.
מיין לפי
An information security policy does NOT usually include
1
| done | ||
Policy is written at a very high level and is intended to describe
the “whats” of information security. Procedures, standards, baselines, and
guidelines are the “hows” for implementation of the policy.
מיין לפי
The role of an information custodian should NOT include
1
| done | ||
Ensure record retention requirements are met based on the information
owner’s analysis.