Reference no: EM132299555
1. The process approach for information security management encourages its user to emphasize the implementation of:
a. Monitoring and reviewing the performance of implementing controls.
b. Implementing and operating controls to manage an organization’s information security risks in the context of the organization’s overall business risks.
c. Continual improvement based on incident’s experience.
d. None of the above.
2. The term "information security incident" refers to a(n):
a. Identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of controls, or a previously unknown situation that may be security relevant.
b. Single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.
c. Potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization.
d. All of the above.
3. When should the BCP be reviewed?
a. Whenever encountering a disaster.
b. When the legal department says to.
c. At least annually or whenever significant changes occur.
d. Whenever the company gets audited.
4. Why are enterprise messaging systems being used by more businesses?
A. Anyone can access the system and participate in the conversations
B. They avoid mimicking conversations
C. There are no centralized control mechanisms on the Internet
D. They are better at enabling and capturing communication flows needed for team work
E. The response times are reduced to allow more thoughtful responses