When a cyber incident is confirmed, who is in charge of the incident?
a. CEO
b. CIO
c. COO
d. CFO
A vulnerability is a weakness that could be exploited by a threat source.
True
False
Which is not an impact of a cyber incident?
a. Loss of reputation
b. Loss of employee trust
c. Productivity reductions
d. Monetary improvement
Continuous monitoring is _____________________
a. Optional after the system has gone operational.
b. Used to maintain ongoing awareness of security, vulnerabilities and threats.
c. Assessing controls before the system is operational.
d. Completed usually every 5 years.
The goal of cyber security risk management is to ensure that the confidentiality, integrity, availability and accountability of the organization's resources are maintained at an acceptable level.
True
False
Following is the answer:
When a cyber incident is confirmed, who is in charge of the incident?
CEO
A vulnerability is a weakness that could be exploited by a threat source.
True
Which is not an impact of a cyber incident?
Loss of employee trust
Continuous monitoring is __________
used to maintain ongoing awareness of the security, vulnerabilities and threats
The goal of cyber security risk management is to ensure that the confidentiality, integrity, availability and accountability of the organization's resources are maintained at an acceptable level.
True