Title | Quiz 2 - Security Management |
---|---|
Author | sam william |
Course | Cyber Security and Privacy |
Institution | Macquarie University |
Pages | 10 |
File Size | 231.9 KB |
Security Management...
4/7/2017
Quiz2
iLearn (http://ilearn.mq.edu.au)
ITEC854 Security Management / Week 8 - Information classification and exposure & Quiz 2 / Quiz 2 (http://ilearn.mq.edu.au/mod/quiz/view.php?id=3740183)
Started on: Tuesday, 4 October 2016, 8:31 PM
State: Finished
Completed on: Tuesday, 4 October 2016, 9:16 PM
Time taken: 45 mins 1 sec
Grade: Not yet graded
Question 1 (Complete, marked out of 0.5)
In Information Security Management, the purpose of controls is:
Answer: It's the actions chosen to minimise and treat the risk.
Question 2 (Complete, marked out of 0.5)
The types of controls are broadly classified as:
Answer: Baseline; Specific; low impact risk; incorrect control.
http://ilearn.mq.edu.au/mod/quiz/review.php?attempt=3314195
Question 3 (Complete, marked out of 0.5)
Constraints to selecting a control or controls include:
Answer: Time, cost, environmental, behavioural, legal, sociological.
Question 4 (Complete, marked out of 0.5)
An Information Security Maturity Model is used for:
Answer: Measures of control maturity and effectiveness. It also measures an organisation's ability to choose (select) and implement controls.
Question 5 (Complete, marked out of 0.5)
The difference between a BCP and a DRP is:
Answer: A BCP is designed to provide procedures which will help or lead to business continuity. On the other hand, a DRP is similar to a BCP; the only difference is that the DRP is introduced after the BCP is enacted.
Question 6 (Complete, marked out of 0.5)
Describe the steps undertaken in a Business Impact Analysis:
Answer: Business continuity should begin by identifying the events that cause interruption, such as fire. This is followed by a risk assessment to know the impact of those interruptions; the owners of business resources and processes must be involved in these activities. Depending on the results of the risk assessment, a strategy plan should be developed. When the plan is created, it should be supported by management.
Question 7 (Complete, marked out of 0.5)
Describe the most important components of BCP/DRP testing and why they are important?
Answer:
- Simulation (important for training)
- Table-top testing of various scenarios
- Testing recovery at an alternative site
- Tests of supplier facilities and services (making sure suppliers provide)
- Complete rehearsals (important for testing the organisation's hardware etc. for interruptions)
Question 8 (Complete, marked out of 0.5)
What is an Enterprise Information Security Framework (EISF)?
Answer: It encompasses the enterprise and covers people, processes and technology. It contains risk management procedures, security policies and procedures, and training and implementation.
Question 9 (Complete, marked out of 0.5)
How is an EISF assessed?
Answer: Aligns to standards ISO27001 / ISO27002.
Question 10 (Complete, marked out of 0.5)
What is a Statement of Applicability?
Answer: An ISO27001 concept is used. It identifies the security controls that have been chosen and why you chose them; we also need to show why other controls were excluded and not selected, and link the controls selected to the risk assessment.
Question 11 (Complete, marked out of 0.5)
What are the four steps in an ISO certified ISMS?
Answer: Plan, Do, Check, Act.
Question 12 (Complete, marked out of 0.5)
To pass an ISO audit of an ISO27001 ISMS, what type of evidence is required for ISMS operation?
Answer: Information security management framework, guidelines, time, plans, SOA; at least three months of records.
Question 13 (Complete, marked out of 0.5)
The purpose of information classification is:
Answer: To ensure that information assets are protected; information assets have an appropriate level of protection.
Question 14 (Complete, marked out of 0.5)
What can happen if you "under classify" information?
Answer:
- CIA lost or compromised
- Financial risk
- Can't maintain an effective ISMS
- Too much information available to too many people
Question 15 (Complete, marked out of 0.5)
What can happen if you "over classify" information?
Answer:
- TRA becomes unmanageable, many assets with high risk
- Users become complacent because all assets appear to be similar
- Difficulties in managing information
- Policy operation ignored
Question 16 (Complete, marked out of 0.5)
Name four different types of information classification strategies.
Answer:
- Subsystems should default to secure settings
- Defence in depth
- Enforce the principle of least privilege needed for specific functions
- Fail secure rather than fail unsecured
- Secure systems need deliberate knowledge etc. for decisions
Question 17 (Complete, marked out of 0.5)
What is the difference between the Bell–LaPadula model and the Biba model?
Answer: The Bell–LaPadula model only addresses data confidentiality. The Biba model was developed for the weakness of the Bell–LaPadula model, which only addresses confidentiality, and it's a set of access control rules to ensure data integrity.
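The contrast in this answer (Bell–LaPadula guards confidentiality, Biba guards integrity, and the two models' read/write rules are mirror images of each other) is easiest to see when both rule sets are run over the same subject and object. The following Python is an added illustration, not part of the quiz or the course material; it assumes a single constructed label scale (unclassified < confidential < secret < top_secret) reused for both clearance and integrity level, whereas a real system keeps separate confidentiality and integrity lattices. The names Subject, Resource, blp_allows, biba_allows and compare are the example's own.

```python
from dataclasses import dataclass

# Constructed label scale, shared by both models only for this demonstration.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str  # clearance (Bell-LaPadula) or integrity level (Biba), a LEVELS key


@dataclass(frozen=True)
class Resource:
    name: str
    level: str  # classification (Bell-LaPadula) or integrity level (Biba)


def _rank(label: str) -> int:
    """Map a label to its numeric rank; reject labels outside the scale."""
    try:
        return LEVELS[label]
    except KeyError:
        raise ValueError(f"unknown label: {label!r}") from None


def blp_allows(subject: Subject, obj: Resource, op: str) -> bool:
    """Bell-LaPadula (confidentiality).

    simple security property: no read up   -> subject >= object to read
    *-property:               no write down -> subject <= object to write
    """
    s, o = _rank(subject.level), _rank(obj.level)
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation: {op!r}")


def biba_allows(subject: Subject, obj: Resource, op: str) -> bool:
    """Biba strict integrity: the dual of Bell-LaPadula.

    simple integrity property: no read down -> subject <= object to read
    integrity *-property:      no write up  -> subject >= object to write
    """
    s, o = _rank(subject.level), _rank(obj.level)
    if op == "read":
        return s <= o
    if op == "write":
        return s >= o
    raise ValueError(f"unknown operation: {op!r}")


def compare(subject: Subject, obj: Resource) -> dict:
    """Decision of each model for read and write on one subject/object pair."""
    return {
        op: {
            "bell_lapadula": blp_allows(subject, obj, op),
            "biba": biba_allows(subject, obj, op),
        }
        for op in ("read", "write")
    }


if __name__ == "__main__":
    alice = Subject("alice", "secret")
    # Constructed sample resources at each end of the scale.
    for name, level in (("memo", "unclassified"), ("plan", "top_secret")):
        print(name, compare(alice, Resource(name, level)))
```

Running the block shows the mirror image directly: a "secret" subject may not read the "top_secret" plan under Bell–LaPadula (no read up) but may under Biba (reading from higher integrity is fine), and may not write the "unclassified" memo under Bell–LaPadula (no write down) but may under Biba (writing down to lower integrity is fine). Each model alone leaves the other property unprotected, which is the point of the answer above.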
Question 18 (Complete, marked out of 0.5)
Can information classification stop information loss and if so, how?
Answer: No, it can only reduce information loss but can't prevent it.
Question 19 (Complete, marked out of 0.5)
What is the relationship between information classification and control selection?
Answer: Control selection is actually based on information classification; this means it is part of information classification.
Question 20 (Complete, marked out of 0.5)
Can an EISF be certified to IS27001 with incomplete controls?
Answer: Yes; for the organisation's scope there are controls not related, not needed to be implemented, or not applicable.