1. Privacy legislation such as ________ will influence how information is stored and managed
within the enterprise and how resources are deployed to ensure that it complies with this
legislation.
A. Non-Disclosure Agreement
B. Service Level Agreement
C. Data Protection Act
D. Cybersecurity & Cybercrime Act 2021
2. Information Security Governance is doing the right thing and Information Security
Management is doing things right. If we say Accountability in Governance, to which of the
following are we referring in Management?
A. Flexibility
B. Responsibility
C. Assurance
D. Operability
A. Risk Management
B. Governance
C. ISMS
D. Security
True or False?
Answer: True
True or False?
Answer: False
7. A ________ exercise should be completed before the audit or review is started and a checklist
should be developed to measure the efficacy of the assurance controls.
A. Inventory
B. Gap Assessment
C. Scoping
D. Risk Assessment
8. Once the results of an audit or review are recorded within a formal report and presented by the
reviewer to both senior management and the manager, which type of plan should be agreed
upon by both the reviewer and the senior management?
A. A governance plan
B. A security framework plan
C. A risk assessment plan
D. A corrective action plan
9. There are normally five phases in the management of an incident. Assessment, Reporting,
Investigation, Review and:
A. Planning
B. Corrective action
C. Act
D. Audit
A. Legal standing
B. Due diligence
C. Money involved
D. Disciplinary action
11. The most obvious elements of a code of conduct are the obligations placed upon employees
regarding ________________.
A. nature of work
B. ethics and standards of the organisation
C. awareness
D. malware infection
12. There are many situations where those intending to damage an organisation or its assets use
the __________ of staff to achieve their aims.
A. Address
B. contractual details
C. social behavior
D. phone number
13. The ____________, also known as an end-user code of practice, is the document that defines
the standards for the use of organizational information and communications systems by
employees.
14. Attacking and compromising the information security of an organisation is commonly termed:
A. System maintenance
B. System misuse
C. System upgrade
D. System down
15. Limiting the dependence that an organisation has upon any one individual is called:
A. acceptable use
B. code of conduct
C. segregation of duties
D. knowledge transfer
A. Financial engagement
B. Compliance engagement
C. Due diligence engagement
D. Training engagement
17. Which of the following is responsible for driving the need for information assurance in an
organisation?
A. Risk Managers
B. Board Members
C. Compliance Officers
D. Internal Auditors
18. Reinforcing the Code of Conduct and ethical behavior standards for all internal auditors can
protect which of the following?
19. Biometrics have distinct advantages over many other forms of identification and authentication
methods because they are free with every user and very difficult to steal or lose.
True or False?
Answer: True
20. Users should only be granted _________ level of privilege to perform the role assigned to
them.
A. Excess
B. Maximum
C. Minimum
D. None of the above
21. The role of the administrator providing access control consists of which of the following:
A. Not removing user access rights when staff leave the organisation
B. Not modifying user access rights if they change role within the organisation
C. Enrolling new users in the system after appropriate validation of identity
D. None of the above
22. Organisations do not need their staff and any third parties accessing their information to
comply with the information assurance policies and procedures in order to reduce the
likelihood of assurance issues.
True or False?
Answer: False
23. Security awareness and training should be seen as which type of process?
A. One-off
B. Continuous
C. Unique
D. Single
24. Tests and reviews should be repeated at periodic intervals to look for any new issues of
technology, threats or processes that need to be addressed.
True or False?
Answer: True