ITSMA - L2 Terminologies and types of IT AUDIT - PART 1
Questions and Answers

What is IT Security Management?

  • A process used to achieve and maintain the confidentiality, integrity and availability of an organization’s data, information and IT services. (correct)
  • A process used to achieve and maintain the confidentiality, integrity and availability of an organization’s financial assets.
  • A process used to achieve and maintain the confidentiality, integrity and availability of an organization’s physical assets.
  • A process used to achieve and maintain the confidentiality, integrity and availability of an organization’s human resources.

Which of the following is not an IT security management function?

  • Determining organizational IT security objectives, strategies and policies
  • Identifying and analyzing security threats to IT assets
  • Implementing and maintaining a security awareness program
  • Developing and implementing a disaster recovery plan (correct)

Who should be accountable for the protection of information assets in an organization?

  • The IT department
  • The CEO
  • The owners of the assets (correct)
  • The government

What is the purpose of an IT Audit?

  • To evaluate the system’s internal control design and effectiveness (B) (correct)

What is the goal of an Information Security Policy?

  • To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. (A) (correct)

What is the first step in the model process for managing information security according to ISO 27001:2013?

  • Establish security policy, objectives, processes and procedures (A) (correct)

What is the purpose of the "Check" step in the model process for managing information security according to ISO 27001:2013?

  • To assess and measure process performance against security policy, objectives and practical experience (A) (correct)

What is the first step in the Risk Assessment process?

  • Identify assets and determine the level of acceptable risk (C) (correct)

What is the difference between Qualitative and Quantitative Risk Analysis?

  • Qualitative Risk Analysis assigns labels such as high, medium, and low, while Quantitative Risk Analysis tries to determine the value of risk by quantifying it with two variables: monetary loss and time (B) (correct)

What is ISO 27001:2013?

  • A standard that provides requirements for an organization’s Information Security Management System (ISMS) (D) (correct)
