CISSP All-in-One Exam Guide PDF Questions
Chapter 19: Measuring Security

discussed in the previous chapter, we hope to have given you useful insights into how to measure and improve your ISMS, particularly when improvements depend on your ability to persuade other leaders in your organization to support your efforts. This all sets the stage for the next part of this book: “Security Operations.”

Quick Review

- A factor is an attribute of an ISMS that has a value that can change over time.
- A measurement is a quantitative observation of a factor at a particular point in time.
- A baseline is a value for a factor that provides a point of reference or denotes that some condition is met by achieving some threshold value.
- A metric is a derived value that is generated by comparing multiple measurements against each other or against a baseline.
- Good metrics are relevant, quantifiable, actionable, robust, simple, and comparative.
- An indicator is a particularly important metric that describes a key element of the effectiveness of an ISMS.
- A key performance indicator (KPI) is an indicator that is particularly significant in showing the performance of an ISMS compared to its stated goals.
- Key risk indicators (KRIs) measure the risk inherent in performing a given action or set of actions.
- Privileged user accounts pose significant risk to the organization and should be carefully managed and controlled.
- User accounts should be promptly suspended whenever the user departs the organization permanently or for an extended period.
- Data backups should not be considered reliable unless they have been verified to be usable to restore data.
- Business continuity is the term used to describe the processes enacted by an organization to ensure that its vital business processes remain unaffected or can be quickly restored following a serious incident.
- Disaster recovery focuses on restoring the information systems after a disastrous event and is a subset of business continuity.
- Security training is the process of teaching a skill or set of skills that enables people to perform specific functions better.
- Security awareness training is the process of exposing people to security issues so that they are able to recognize and respond to them better.
- Social engineering, in the context of information security, is the process of manipulating individuals so that they perform actions that violate security protocols.
- Phishing is social engineering conducted through a digital communication.
- A drive-by download is an automatic attack that is triggered simply by visiting a malicious website.
- Disaster recovery and business continuity processes both need to be evaluated regularly to ensure they remain effective in the face of environmental changes in and around the organization.
- Reports must be written with a specific audience in mind if they are to be effective.
- A management review is a formal meeting in which senior organizational leaders determine whether the information security management systems are effectively accomplishing their goals.

Questions

Please remember that these questions are formatted and asked in a certain way for a reason. Keep in mind that the CISSP exam is asking questions at a conceptual level. Questions may not always have the perfect answer, and the candidate is advised against always looking for the perfect answer. Instead, the candidate should look for the best answer in the list.

1. What is a key performance indicator (KPI)?
A. A value for a factor that denotes that some condition is met
B. The result of comparing multiple measurements
C. A significant indicator that shows the performance of an ISMS
D. A quantitative observation of a factor of an ISMS at a point in time

2. Which of the following is true about key risk indicators (KRIs)?
A. They tell managers where an organization stands with regard to its goals.
B. They are inputs to the calculation of single loss expectancy (SLE).
C. They tell managers where an organization stands with regard to its risk appetite.
D. They represent an interpretation of one or more metrics that describes the effectiveness of the ISMS.

3. All of the following are normally legitimate reasons to suspend rather than delete user accounts except
A. Regulatory compliance
B. Protection of the user’s privacy
C. Investigation of a subsequently discovered event
D. Data retention policy

4. Data backup verification efforts should
A. Have the smallest scope possible
B. Be based on the threats to the organization
C. Maximize impact on business
D. Focus on user data