IT Security Policies and ISMS Controls

Questions and Answers

What is the primary focus of COBIT, an IT-focused framework?

• Information security and related technologies (correct)
• Network administration
• Cloud computing management
• Risk management

What is the primary purpose of an overall direction and support in information security?

• To implement security measures
• To establish appropriate security policies (correct)
• To responded to security incidents
• To conduct threat assessments

What type of threat is a cyberattack an example of?

• External entity threat (correct)
• System malfunction
• Insider threat
• Data loss

What is the primary focus of asset management in the context of information security?

Managing organizational assets within and beyond the corporate IT network (C)

What is the primary focus of human resource security policies and controls?

Reducing risk from insider threats (D)

What is the primary focus of physical and environmental security guidelines?

Protecting physical IT hardware from damage or unauthorized access (D)

What is the primary purpose of communications and operations management systems?

To operate systems with respect to security policies and controls (A)

What is the primary purpose of an ISMS security control?

To establish appropriate security policies (A)

What type of threat is a system malfunction an example of?

System malfunction (D)

What is the primary purpose of an organization's information security policy?

To establish appropriate security policies unique to the organization (D)