What are opportunities?

A. Occurrence or change of a particular set of circumstances
B. Combination of circumstances expected to be favorable to objectives
C. Outcome of an event affecting objectives

Answer: B

Explanation: Opportunities, according to ISO standards such as ISO 31000, are situations or conditions that have the potential...

April 5, 2025

Can organizations obtain certification against ISO 31000?

A. Yes, organizations of any type or size can obtain certification against ISO 31000
B. Yes, but only organizations that manufacture products can obtain an ISO 31000 certification
C. No, organizations cannot obtain certification against ISO 31000, as the standard provides only guidelines...

March 27, 2025

According to ISO/IEC 27000, what is the definition of information security?

A. Preservation of confidentiality, integrity, and availability of information
B. Protection of privacy during the processing of personally identifiable information
C. Preservation of authenticity, accountability, and reliability in the cyberspace

Answer: A

Explanation: According to ISO/IEC 27000, information security...

March 20, 2025

Based on scenario 1, Bontton used ISO/IEC 27005 to ensure effective implementation of all ISO/IEC 27001 requirements. Is this appropriate?

Scenario 1: The risk assessment process was led by Henry, Bontton’s risk manager. The first step that Henry took was identifying the company’s assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber...

March 18, 2025

What type of information security control has been implemented in this case?

An organization has installed security cameras and alarm systems. What type of information security control has been implemented in this case?
A. Technical
B. Managerial
C. Legal

Answer: A

Explanation: Security cameras and alarm systems are considered technical controls in the context of information security. Technical controls, also known...

March 10, 2025

Which of the following statements best defines information security risk?

A. The potential that threats will exploit vulnerabilities of an information asset and cause harm to an organization
B. Weakness of an asset or control that can be exploited by one or a group of threats
C. Potential cause of...

March 6, 2025

Is this a good practice?

Scenario 1: The risk assessment process was led by Henry, Bontton’s risk manager. The first step that Henry took was identifying the company’s assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber...

March 1, 2025

According to ISO 31000, which of the following is a principle of risk management?

A. Dynamic
B. Qualitative
C. Reliability

Answer: A

Explanation: According to ISO 31000, a principle of risk management is that it should be dynamic. This means that risk management practices should be flexible and able to...

March 1, 2025

What did Henry identify in this case?

Scenario 1: The risk assessment process was led by Henry, Bontton’s risk manager. The first step that Henry took was identifying the company’s assets. Afterward, Henry created various potential incident scenarios. One of the main concerns regarding the use of the application was the possibility of being targeted by cyber...

February 28, 2025

Based on scenario 2, has Travivve defined the responsibilities of the risk manager appropriately?

Scenario 2: Travivve is a travel agency that operates in more than 100 countries. Headquartered in San Francisco, the US, the agency is known for its personalized vacation packages and travel services. Travivve aims to deliver reliable services that meet its clients’ needs. Considering the impact of information security in...

February 22, 2025