Security Management

Question 1

What does CIRT stand for and what is its primary responsibility?

Answer 1

Cyber Incident Response Team – responsible for responding to security breaches, viruses, and other cybersecurity incidents.

Question 2

What does SOC stand for and what is its primary responsibility?

Answer 2

Security Operations Center – responsible for continuously monitoring and analyzing an organization’s security posture.

Question 3

What is Security Awareness in an organization?

Answer 3

A formal process for training and educating employees about IT protection, ensuring they understand and follow security policies.

Question 4

Name three key components of a Security Awareness program.

Answer 4

Programs to educate employees

Emphasizing individual responsibility for company security policies

Measures to audit and assess awareness efforts

Question 5

What is A.5 Information security policies?

Answer 5

Controls on how the policies are written and reviewed

Question 6

What is A.6 Organization of information security?

Answer 6

Controls how responsibilities are assigned; includes mobile & teleworking

Question 7

What is A.7 Human resources security

Answer 7

Controls prior to employment, during employment, and after employment

Question 8

What is A.8 Asset management

Answer 8

Controls related to inventory of assets and acceptable use

Question 9

What is A.9 Access control ?

Answer 9

Controls for Access control policy, user access management, system and application

Question 10

What is A.10 Cryptography?

Answer 10

Controls related to encryption and key management

Question 11

What is A.11 Physical and environmental security?

Answer 11

Controls defining secure areas, entry controls, protection against threats,..

Question 12

What is A.12 Operational security?

Answer 12

Controls related to management of IT production

Question 13

What is A.13 Communication security?

Answer 13

Controls related to network security, segregation, network services

Question 14

What is A.14 System acquisition, development and maintenance?

Answer 14

Controls defining security requirements and security development/support process

Question 15

What is A.15 Supplier relationships?

Answer 15

Controls on what to include in agreements, and how to monitor the suppliers

Question 16

What is A.16 Information security incident management?

Answer 16

Controls for reporting events and weaknesses, defining responsibilities,…

Question 17

What is A.17 Information security aspects of business continuity management?

Answer 17

Controls requiring the planning of business continuity, procedures, verification and reviewing

Question 18

What is A.18 Compliance?

Answer 18

Controls requiring identification of applicable laws and regulations