It is allowed that employees and contractors are provided with an anonymous reporting channel to report violations of information security policies or procedures (“whistle blowing”)
A. True
B. False
Answer: A
What is the greatest risk for an organization if no information security policy has been defined?
A. If everyone works with the same account, it is impossible to find out who worked on what.
B. Information security activities are carried out by only a few people.
C. Too many measures...
ISO 27002 provides guidance in the following area
A. PCI environment scoping
B. Information handling recommendations
C. Framework for an overall security and compliance program
D. Detailed lists of required policies and procedures
Answer: C
What do employees need to know to report a security incident?
A. How to report an incident and to whom.
B. Whether the incident has occurred before and what was the resulting damage.
C. The measures that should have been taken to prevent the incident in the first place.
D. ...
What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?
A. The costs for automating are easier to charge to the responsible departments.
B. A determination can be made...
Which of these is not a technical measure?
The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a...
What is an example of a good physical security measure?
A. All employees and visitors carry an access pass.
B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.
C. Maintenance staff can be given quick and unimpeded access to the server...
What is the ISO / IEC 27002 standard?
A. It is a guide of good practices that describes the control objectives and recommended controls regarding information security.
B. It is a guide that focuses on the critical aspects necessary for the successful design and implementation of an ISMS in accordance...
What should be used to protect data on removable media if data confidentiality or integrity are important considerations?
A. backup on another removable medium
B. cryptographic techniques
C. a password
D. logging
Answer: B
True or False: Organizations allowing teleworking activities, the physical security of the building and the local environment of the teleworking site should be considered
A. True
B. False
Answer: A