ITSMA - L2 Terminologies and types of IT AUDIT - PART 1
Questions and Answers

What is IT Security Management?

  • A process used to achieve and maintain the confidentiality, integrity and availability of an organization's data, information and IT services. (correct)
  • A process used to achieve and maintain the confidentiality, integrity and availability of an organization's financial assets.
  • A process used to achieve and maintain the confidentiality, integrity and availability of an organization's physical assets.
  • A process used to achieve and maintain the confidentiality, integrity and availability of an organization's human resources.

Which of the following is not an IT security management function?

  • Determining organizational IT security objectives, strategies and policies
  • Identifying and analyzing security threats to IT assets
  • Implementing and maintaining a security awareness program
  • Developing and implementing a disaster recovery plan (correct)

Who should be accountable for the protection of information assets in an organization?

  • The IT department
  • The CEO
  • The owners of the assets (correct)
  • The government

What is the purpose of an IT Audit?

To evaluate the design and operating effectiveness of the system's internal controls.

What is the goal of an Information Security Policy?

To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.

What is the first step in the model process for managing information security according to ISO 27001:2013?

Establish the security policy, objectives, processes and procedures (the "Plan" step of the Plan-Do-Check-Act cycle).

What is the purpose of the "Check" step in the model process for managing information security according to ISO 27001:2013?

To assess and measure process performance against the security policy, the security objectives and practical experience.

What is the first step in the Risk Assessment process?

Identify the assets and determine the level of acceptable risk.

What is the difference between Qualitative and Quantitative Risk Analysis?

Qualitative Risk Analysis assigns ordinal labels such as high, medium and low, while Quantitative Risk Analysis tries to put a value on risk by quantifying it with two variables: the expected monetary loss and the frequency of occurrence over time.
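As an added worked example (not code from the quiz or from the lesson it summarises), the following Python script rates a small constructed asset register both ways: qualitative labels from a likelihood x impact matrix, and quantitative figures using the conventional single-loss / annualised-loss model (SLE = asset value x exposure factor, ALE = SLE x annualised rate of occurrence), which is the usual form of the "monetary loss and time" pairing in the answer above. It also applies the first risk-assessment step, comparing each asset's ALE against an acceptable-risk threshold fixed up front. The asset names, owners, values, rates and the threshold are all invented for illustration.

```python
"""Qualitative vs quantitative risk analysis over a small constructed asset register.

Added example, not code from the quiz or the lesson it summarises.  The
assets, owners, values, exposure factors, occurrence rates and the acceptable
risk threshold are all invented for illustration.  The quantitative side uses
the conventional annualised-loss model:
    SLE = asset value * exposure factor   (monetary loss per incident)
    ALE = SLE * ARO                       (loss per year; ARO = incidents per year)
"""
from dataclasses import dataclass

LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Asset:
    name: str
    owner: str              # the party accountable for protecting the asset
    value: float            # asset value in currency units (constructed)
    exposure_factor: float  # fraction of the value lost in one incident, 0..1
    aro: float              # annualised rate of occurrence, incidents per year
    likelihood: str         # qualitative likelihood: low | medium | high
    impact: str             # qualitative impact:     low | medium | high


# Constructed register for the example; every figure here is made up.
REGISTER = [
    Asset("Customer database", "Head of Sales", 500_000, 0.4, 0.2, "medium", "high"),
    Asset("Public web server", "Web team lead", 20_000, 0.5, 2.0, "high", "low"),
    Asset("Backup tapes", "IT operations", 100_000, 0.9, 0.02, "low", "high"),
    Asset("Office printer", "Facilities", 2_000, 1.0, 0.5, "low", "low"),
]


def qualitative_rating(likelihood: str, impact: str) -> str:
    """Combine two ordinal labels with a 3x3 likelihood x impact matrix."""
    score = LEVELS[likelihood] * LEVELS[impact]
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def single_loss_expectancy(asset: Asset) -> float:
    """Monetary loss expected from a single incident (SLE)."""
    return asset.value * asset.exposure_factor


def annualised_loss_expectancy(asset: Asset) -> float:
    """Expected loss per year (ALE): SLE scaled by how often incidents occur."""
    return single_loss_expectancy(asset) * asset.aro


def assess(register, acceptable_ale: float):
    """Rate every asset both ways and flag those whose ALE exceeds the
    acceptable level of risk fixed up front (the quiz's first step).
    Returns rows sorted by ALE, highest first."""
    rows = []
    for a in register:
        ale = annualised_loss_expectancy(a)
        rows.append({
            "asset": a.name,
            "owner": a.owner,
            "qualitative": qualitative_rating(a.likelihood, a.impact),
            "sle": round(single_loss_expectancy(a), 2),
            "ale": round(ale, 2),
            "above_tolerance": ale > acceptable_ale,
        })
    return sorted(rows, key=lambda r: r["ale"], reverse=True)


def safeguard_net_benefit(asset: Asset, aro_after: float, annual_cost: float) -> float:
    """Cost/benefit of a control that reduces the occurrence rate to aro_after:
    (ALE before) - (ALE after) - (yearly cost of the control).  Positive means
    the control is worth more than it costs."""
    after = single_loss_expectancy(asset) * aro_after
    return round(annualised_loss_expectancy(asset) - after - annual_cost, 2)


if __name__ == "__main__":
    rows = assess(REGISTER, acceptable_ale=10_000)
    print(f"{'asset':<18}{'owner':<16}{'qual':<8}{'SLE':>10}{'ALE':>10}  over?")
    for r in rows:
        print(f"{r['asset']:<18}{r['owner']:<16}{r['qualitative']:<8}"
              f"{r['sle']:>10,.0f}{r['ale']:>10,.0f}  {r['above_tolerance']}")
    # 'Backup tapes' and the web server both rate 'medium' qualitatively, yet
    # only the web server's ALE exceeds the tolerance: the two methods disagree.
    db = REGISTER[0]
    print("Net benefit of a control on the database cutting ARO to 0.05 at 15,000/yr:",
          safeguard_net_benefit(db, 0.05, 15_000))
```

The point to take from running it is that the two methods rank assets differently: the backup tapes and the web server both come out "medium" on the matrix, but only the web server exceeds the quantitative tolerance, which is why a quantitative figure is needed before a safeguard can be justified in money terms, as `safeguard_net_benefit` does.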

What is ISO 27001:2013?

A standard that specifies the requirements for an organization's Information Security Management System (ISMS).
