30 Questions
What does the 'I' in CIA stand for in the context of security?
Integrity
Which of the following is NOT one of the cornerstones of security according to the text?
Authentication
Why is ensuring availability important in security?
To ensure information can be accessed by authorized users
In the context of security, what does AbbVie's sale of Humira® demonstrate?
The significance of financial integrity
What is meant by 'Authentication' in the context of a good security program?
Ensuring the authenticity of someone's identity
How are Confidentiality, Integrity, and Availability related in a security program?
Ideally, they should be equally addressed, but in reality, they are not equal
What does the principle of least privilege refer to?
Limiting access rights for users to only required resources
What is a common mistake related to the principle of least privilege mentioned in the text?
Not including the 'and nothing more' part in the principle
How does the text describe the impact of overly restrictive security rules?
Slowing down network performance
Why are the last three words ('and nothing more') important in the principle of least privilege?
To ensure users have access beyond their requirements
What is the primary objective behind implementing the principle of least privilege?
To limit employees' access to essential resources only
What could be a consequence of not adhering to the principle of least privilege according to the text?
Increased security risks
Who is responsible for classifying an incident?
Users or administration staff
What phase does the Incident Response (IR) plan move to once an incident is confirmed and classified?
Reaction phase
What should incident response procedures describe?
Incident descriptions/categories and responses
What should the documentation of an incident record?
The who, what, when, where, why, and how of each action taken
When should the recovery process begin according to NIST SP 800-184?
Immediately after the incident is contained
Which tool is NOT mentioned in the text as part of incident response?
Incident management system
What supports the fundamental security goal of the Principle of Least Privilege?
Everyone can do everything they need to do and nothing more
What should a security professional be responsible for in an organization?
Protecting information, making decisions about technologies, and considering legal and regulatory requirements
What is the key aspect of the Prevent/Detect/Respond (PDR) approach mentioned in the text?
Prevent as much as you can
Why is Detection without response considered useless according to the text?
Because it does not align with the Principle of Least Privilege
What role does a security professional play in terms of communication with IT system administrators?
Communicate effectively to ensure understanding of security measures
Why is it important for a security professional to attend board of directors' meetings according to the text?
To talk about security in terms directors understand
What is the main focus of Directing in Information Security Governance?
Creating directives, policies, and procedures from strategic to operational level
Which Information Security Governance focus area involves aligning information security with business strategy?
Strategic alignment
What is one of the objectives of Information Security Governance?
To ensure strategic direction of information security
Which aspect does Controlling in Information Security Governance focus on?
Monitoring and reporting compliance and performance
What is the objective of managing and mitigating risks in Information Security Governance?
Reduce risks to an acceptable level
Which focus area of Information Security Governance involves planning, allocating, and controlling resources?
Resource management
Test your knowledge on security principles, policies, procedures, and the Principle of Least Privilege. This quiz covers topics related to accountability, training, prevention, detection, response, and the current state of security practices.