Risk Management Frameworks in Information Security

UndisputedClarity
12 Questions

What do Requirements 4 through 10 in ISO/IEC 27001 describe?

The structure of an entire information security management system (ISMS) including risk management

What is the focus of ISO/IEC 27005?

Information technology risk management

Which framework is described in NIST Special Publication 800-37?

Risk Management Framework to Federal Information Systems

What is the main focus of COBIT 5?

Enterprise IT governance and management

What is the primary focus of Confidentiality in the context of IT Security?

Ensuring data remains undisclosed to unauthorized individuals

Which encryption method is commonly used for data at rest to maintain Confidentiality?

AES256

What technique is used to protect against alterations of data and systems in the context of Integrity?

Checksums (e.g., CRC)

Which growing trend poses a new threat to system integrity and data integrity, as mentioned in the text?

IoT (Internet of Things)

What is the cornerstone of IT Security according to the text?

Confidentiality, Integrity, and Availability (CIA) Triad

What is the DAD Triad in the context of IT Security?

Disclosure, Alteration, and Destruction

What can happen if an organization prioritizes too much Integrity?

Availability can suffer

Which measure is emphasized as crucial for maintaining Data availability in the text?

Redundancy in hardware power (multiple power supplies/UPS/generators)

Study Notes

ISO/IEC 27001

  • Requirements 4-10 describe the implementation, operation, and continuous improvement of an Information Security Management System (ISMS)

ISO/IEC 27005

  • Focuses on Information Security Risk Management

NIST Framework

  • Described in NIST Special Publication 800-37, a risk management framework for information systems

COBIT 5

  • Main focus is on IT governance and management

Confidentiality

  • Primary focus is on protecting sensitive information from unauthorized access

Encryption

  • Commonly used for data at rest to maintain Confidentiality

Data Integrity

  • Technique used to protect against alterations of data and systems is Hash Function

Cloud Computing

  • Growing trend posing a new threat to system integrity and data integrity

IT Security

  • Cornerstone is the Protection of Confidentiality, Integrity, and Availability (CIA) of information assets
  • DAD Triad refers to Confidentiality, Integrity, and Availability
  • Prioritizing too much Integrity can lead to decreased Availability
  • Crucial measure for maintaining Data Availability is ensuring business continuity and disaster recovery

This quiz explores the use of risk management frameworks in information security, focusing on the ISO/IEC 27001 standard and its requirements. It covers the structure of an information security management system and alternatives to building a program from scratch.
