Information Security Policy Document Control Quiz

Questions and Answers

What is the main focus of Privci Ltd's Information Security Policy?

• Promoting the sharing of privileged and sensitive information
• Ignoring the protection of information assets
• Ensuring the availability, integrity, and confidentiality of information assets (correct)
• Selling information assets to external entities

Who is primarily responsible for the ownership of the Information Security Policy document at Privci Ltd?

• The Information Security Manager or equivalent (correct)
• External IT consultants hired by the company
• The CEO of Privci Ltd
• All employees with access to sensitive information

Which of the following is NOT covered by Privci Ltd's Information Security Policy?

• Physical security
• Marketing strategy (correct)
• Incident response
• Risk assessment

What is the purpose of Privci Ltd's Information Security Policy?

To establish roles and responsibilities for information security (B)

Who does Privci Ltd's Information Security Policy apply to?

All individuals with access to information assets (D)

Which department or position is likely to be involved in conducting a risk assessment as per Privci Ltd's Information Security Policy?

Information Security Manager (D)

What is the purpose of network architecture and segmentation according to the text?

To isolate sensitive information assets and reduce security incident impact (B)

When should employees and contractors report security incidents, as per the policy mentioned?

Immediately upon discovery (B)

What is the primary focus of incident response plans according to the policy?

Mitigating the impact of security incidents effectively (A)

Why does Privci conduct periodic security audits according to the text?

To assess the effectiveness of information security controls (D)

What is the main reason for Privci to implement secure remote access mechanisms?

To protect information assets while being accessed remotely (B)

Why is it essential for Privci's Information Security Policy to be reviewed annually?

To reflect changes in the risk landscape, legal requirements, and industry best practices (B)

Who is responsible for coordinating and managing Privci's information security program?

Information Security Manager (C)

What must privileged users ensure regarding access controls, storage, and transmission of information?

Classification and labeling (B)

Who is responsible for implementing and managing the security controls and safeguards defined by Information Owners?

Information Custodian (D)

What is the purpose of conducting periodic risk assessments at Privci?

To prioritize risk mitigation efforts (D)

What is the responsibility of Privci employees upon discovering a security incident?

Report to the Information Security Manager instantly (C)

What must be done before granting remote access to Privci's information assets?

Approval by Executive Management (D)

Who should provide adequate resources for information security at Privci?

Executive Management (A)

What is the responsibility of Information Owners regarding information assets?

Classifying and labeling assets (A)