12 Questions
What do Requirements 4 through 10 in ISO/IEC 27001 describe?
The structure of an entire information security management system (ISMS) including risk management
What is the focus of ISO/IEC 27005?
Information technology risk management
Which framework is described in NIST Special Publication 800-37?
Risk Management Framework for Federal Information Systems
What is the main focus of COBIT 5?
Enterprise IT governance and management
What is the primary focus of Confidentiality in the context of IT Security?
Ensuring data remains undisclosed to unauthorized individuals
Which encryption method is commonly used for data at rest to maintain Confidentiality?
AES256
What technique is used to protect against alterations of data and systems in the context of Integrity?
Checksums (e.g., CRC)
Which growing trend poses a new threat to system integrity and data integrity, as mentioned in the text?
IoT (Internet of Things)
What is the cornerstone of IT Security according to the text?
Confidentiality, Integrity, and Availability (CIA) Triad
What is the DAD Triad in the context of IT Security?
Disclosure, Alteration, and Destruction
What can happen if an organization prioritizes too much Integrity?
Availability can suffer
Which measure is emphasized as crucial for maintaining Data availability in the text?
Redundancy in hardware power (multiple power supplies/UPSs/generators)
Study Notes
ISO/IEC 27001
- Requirements 4-10 describe the implementation, operation, and continuous improvement of an Information Security Management System (ISMS)
ISO/IEC 27005
- Focuses on Information Security Risk Management
NIST Framework
- Described in NIST Special Publication 800-37, a risk management framework for information systems
COBIT 5
- Main focus is on IT governance and management
Confidentiality
- Primary focus is on protecting sensitive information from unauthorized access
Encryption
- Commonly used for data at rest to maintain Confidentiality
Data Integrity
- Technique used to protect against alterations of data and systems is Hash Function
Cloud Computing
- Growing trend posing a new threat to system integrity and data integrity
IT Security
- Cornerstone is the Protection of Confidentiality, Integrity, and Availability (CIA) of information assets
- DAD Triad refers to Confidentiality, Integrity, and Availability
- Prioritizing too much Integrity can lead to decreased Availability
- Crucial measure for maintaining Data Availability is ensuring business continuity and disaster recovery
This quiz explores the use of risk management frameworks in information security, focusing on the ISO/IEC 27001 standard and its requirements. It covers the structure of an information security management system and alternatives to building a program from scratch.