Quiz-2 - Quiz 2 PDF

Title Quiz-2 - Quiz 2
Author Erik olli
Course Cryptography and Information Security
Institution Macquarie University
Pages 10
File Size 231.9 KB
File Type PDF


Description

4/7/2017

Quiz2


ITEC854 Security Management, Week 8 ‐ Information classification and exposure & Quiz 2

Started on: Tuesday, 4 October 2016, 8:31 PM

State: Finished

Completed on: Tuesday, 4 October 2016, 9:16 PM

Time taken: 45 mins 1 sec

Grade: Not yet graded

Question 1 Complete Marked out of 0.5

In Information Security Management, the purpose of controls is:

It's actions chosen to minimise and treat the risk

Question 2 Complete Marked out of 0.5

The types of controls are broadly classified as:


Baseline Specific low impact risk incorrect control

Question 3 Complete Marked out of 0.5

Constraints to selecting a control or controls include:

Time, cost, environmental, behavioral, legal, sociological

Question 4 Complete Marked out of 0.5

An Information Security Maturity Model is used for:

Measures of control maturity and effectiveness. Also measures of organisation's ability to choose or select and implement


Question 5 Complete Marked out of 0.5

The difference between a BCP and a DRP is:

BCP is designed to provide procedures which will help to or lead to business continuity. On the other hand, DRP is similar to BCP; the only difference is that DRP is introduced after the BCP is enacted

Question 6 Complete Marked out of 0.5

Describe the steps undertaken in a Business Impact Analysis:

Business continuity should begin by identifying the events that cause interruption, such as fire. It is then followed by a risk assessment to know the impact of those interruptions. The owners of business resources and processes must be involved in these activities. When the result comes, or depending on the results of the risk assessment, a strategy plan should be developed. When the plan is created, it should be supported by management

Question 7 Complete Marked out of 0.5

Describe the most important components of BCP/DRP testing and why they are important?

simulation important for training Table‐top testing of various scenarios testing recovery at an alternative site tests of supplier facilities and services making sure suppliers provide complete rehearsals (important for testing the organisation hardware etc for interruptions)

Question 8 Complete Marked out of 0.5

What is an Enterprise Information Security Framework (EISF)?

It encompasses the enterprise and covers people, processes and technology; it contains risk management procedures, security policies and procedures, and training and implementation

Question 9 Complete Marked out of 0.5


How is an EISF assessed?

Aligns to standards ISO27001 / ISO27002

Question 10 Complete Marked out of 0.5

What is a Statement of Applicability?

ISO27001 concept is used. It identifies the security controls that have been chosen and why you chose them. Also we need to show why other controls were excluded and not selected. Link the controls selected to risk assessment

Question 11 Complete Marked out of 0.5

What are the four steps in an ISO certified ISMS?

Plan, Do, Check, Act


Question 12 Complete Marked out of 0.5

To pass an ISO audit of an ISO27001 ISMS, what type of evidence is required for ISMS operation?

Information security, management framework, guidelines, time, plans SOA three months records at least

Question 13 Complete Marked out of 0.5

The purpose of information classification is:

To ensure that information assets are protected; information assets have an appropriate level of protection

Question 14 Complete Marked out of 0.5

What can happen if you “under classify” information?

CIA lost or compromised

Financial risk


Can't maintain an effective ISMS

Too much information available to too many people

Question 15 Complete Marked out of 0.5

What can happen if you “over classify” information?

TRA becomes unmanageable, many assets with high risk

Users become complacent because all assets appear to be similar

Difficulties in managing information policy operation ignored

Question 16 Complete Marked out of 0.5

Name four different types of information classification strategies.

subsystem should default to secure settings

defence in depth

enforce the principle of least privilege that is needed for specific functions

fail secure rather than fail unsecured

secure system need deliberate, knowledge etc for decision


Question 17 Complete Marked out of 0.5

What is the difference between the Bell–LaPadula model and the Biba model?

Bell–LaPadula model only addresses data confidentiality. Biba model was developed for the weakness of the Bell–LaPadula model, which only addresses confidentiality, + it's a set of access control rules to ensure data integrity

Question 18 Complete Marked out of 0.5

Can information classification stop information loss and if so, how?

No, it can only reduce the information loss but can't prevent it

Question 19 Complete Marked out of 0.5

What is the relationship between information classification and control selection?

Control selection is actually based on information classification, this means it is part of information classification


Question 20 Complete Marked out of 0.5

Can an EISF be certified to ISO27001 with incomplete controls?

Yes, for the organisation's scope there are controls not related or not needed to be implemented or not applicable
