
Information Security Management System (ISMS) is described in ISO/IEC 27001. The purpose of risk management is to reduce risks to an acceptable level.

Information is structured (organized, clearly defined) data. Information is the meaning and value assigned to a collection of data. Correct. Information is data that has a meaning in some context for its receiver.

Protection rings:
・Outer ring (area around the premises),
・Building (access to the premises),
・Working space (the rooms in the premises, also known as ‘Inner Ring’),
・Object (the asset that is to be protected).

What is one of the four main objectives of a risk analysis?
・Identifying assets and their value
・Establishing a balance between the costs of an incident and the costs of a security measure
・Determining relevant vulnerabilities and threats

What is an example of a human threat?
=Phishing. Correct. Phishing (luring users to false websites) is one form of a human threat.

A stand-by arrangement is a corrective measure that is initiated in order to limit the damage.

What is a repressive measure in case of a fire? =Putting out a fire after it has been detected by a fire detector. Correct. This repressive measure minimizes the damage caused by the fire.

Which factor is not important for determining the value of data for an organization?
A. The content of data. Correct. The content of data does not determine its value.

Who is authorized to change the classification of a document?
=The owner of the document. Correct. The owner must ensure the asset is classified or reclassified if necessary, so the owner is authorized to change the classification of a document.

The computer room is protected by a pass reader. Only the System Management department has a pass. What type of security measure is this?
=a physical security measure. Correct. This is a physical security measure.

Which factor is verified when we must show our access pass?
=something you have. Correct. An access pass is an example of something that you have.

Which threat can occur as a result of the absence of a physical measure?
= A server shuts down because of overheating. Correct. Physical security includes the protection of equipment through climate control (air conditioning, air humidity).

Which security measure is a technical measure?
=Encryption of files. Correct. This is a technical measure which prevents unauthorized persons from reading the information.

A logic bomb is not always malware. It is a piece of code that is built into a software system.

A Trojan is a program which, in addition to the function that it appears to perform, purposely conducts secondary activities, unnoticed by the user.

Spyware is a computer program that collects information on the computer user and sends this information to another party.

The malicious software was installed due to a targeted phishing attack.
Which action is the most beneficial to prevent such incidents in the future?
=Start a security awareness program. Correct. The underlying vulnerability of this threat is the unawareness of the user. In these kinds of attacks, users are persuaded to execute some code that violates the policy (e.g. install suspicious software). Addressing these kinds of attacks in a security awareness program will reduce the chance of recurrence in the future.

You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?
A. Formulate a policy regarding mobile media (PDAs, laptops, smartphones, USB sticks). Correct. The policy on how to use mobile media is an organizational measure, and security measures for laptops can be an obligation under that policy.
