M1-Security Governance Through Principles and Policies

Question 1

What are the primary goals and objective of a security infrastructure

Answer 1

Confidentiality, Integrity, Availability - CIA

Question 2

Principle that focuses on protection from unintentional,accidental, or inadvertent change

Answer 2

Integrity

Question 3

Process of tracing actions to their source

Answer 3

Accountability

Question 4

Principle that only authorized subjects have access

Answer 4

Confidentiality

Question 5

Positive identification of a person or a system

Answer 5

Authentication

Question 6

Process used to develop confidence that the security measures are working as intended

Answer 6

Assurance

Question 7

Principle that relates to operations and accessibility

Answer 7

Availability

Question 8

Granting users and systems a predetermined level of access

Answer 8

Authorization

Question 9

Confidence that the system will work in a correct and predictable manner

Answer 9

Trustworthy computing

Question 10

Logging of access and use of information resources

Answer 10

Accounting

Question 11

Expanded view of information security to include external relations

Answer 11

Cyber security

Question 12

A logical structure used to document and organize processes

Answer 12

Framework

Question 13

Framework for designing, establishing, implementing, maintaining and monitoring an information security program

Answer 13

ISMS = Information Security Management System

Question 14

Internationally recognized information security framework

Answer 14

ISO27000

Question 15

Payment Card Industry contractually enforced framework

Answer 15

PCI-DSS Payment Card Industry Data Security Standard

Question 16

This type of metric is intended to help organization to compare themselves to peers

Answer 16

Benchmark

Question 17

The publisher of the SP800 series

Answer 17

NIST-National Institute of Standards and Technology

Question 18

This program is the US government repository of publicly available security guidance

Answer 18

NCP - National Checklist Program

Question 19

This US framework is voluntary guidance, based on existing standards, guidelines, and practices for critical infrastructure organisations to better manage and reduce cyber-security risk

Answer 19

NIST Cybersecurity framework

Question 20

Voluntary Cyber-security framework designed specifically for the healthcare sector

Answer 20

HITRUST

Question 21

The US gov repository of standards based vulnerability management data

Answer 21

NVD - National Vulnerability Database