ISFS (Information Security Foundation based on ISO/IEC 27002)

Welcome to your ISFS (Information Security Foundation based on ISO/IEC 27002)

1) Information has a number of reliability aspects. Reliability is constantly being threatened. Examples of threats are: a cable becomes loose, someone alters information by accident, data is used privately or is falsified.
Which of these examples is the BEST example of a threat to confidentiality?
2) You are the owner of the courier company SpeeDelivery. You employ a few people who, while waiting to make a delivery, can carry out other tasks. You notice, however, that they use this time to send and read their private mail and surf the Internet. In legal terms, in which way can the use of the Internet and e-mail facilities be best regulated?
3) A couple of years ago you started your company which has now grown from 1 to 20 employees.
Your company's information is worth more and more, and gone are the days when you could keep it all in hand yourself. You are aware that you have to take measures, but what should they be? You hire a consultant who advises you to start with a qualitative risk analysis. What is a qualitative risk analysis?
4) The Information Security Officer (ISO) of insurance company Euregio wishes to have a list of security measures put together.
What does she first have to do before security measures can be selected?
5) Four staff members of the IT department share one pass for the computer room.
What risk does this lead to?
6) Why is compliance important for the reliability of the information?
7) You are the owner of the SpeeDelivery courier service. Last year you had a firewall installed. You now discover that no maintenance has been performed since the installation. What is the biggest risk because of this?
8) You are the owner of SpeeDelivery courier service. Because of your company's growth you have to think about information security. You know that you have to start creating a policy. Why is it so important to have an information security policy as a starting point?
9) What is an example of a security incident?
10) Under which condition is an employer permitted to check if Internet and email services in the workplace are being used for private purposes?
11) An administration office is going to determine the dangers to which it is exposed.
What do we call a possible event that can have a disruptive effect on the reliability of information?
12) Which important statutory norm in the area of information security does the government have to meet?
13) Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?
14) How is the purpose of information security policy best described?
15) Our access to information is becoming increasingly easy. Still, information has to be reliable in order to be usable.
What is not a reliability aspect of information?
16) What is the definition of the Annual Loss Expectancy?
17) You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks. What is the relation between a threat, risk and risk analysis?
18) Integrity is the degree to which the information is up to date and without errors. What are integrity characteristics?
19) You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?
20) You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?
21) Which of the following security measures is a technical measure?
22) Following a risk analysis, your company must implement a technical measure in order to protect sensitive files stored on the main server. Which measure is the most appropriate?
23) What is an example of a physical security measure?
24) A smoke alarm is placed in a computer room. Under which category of security measures does this fall?
25) The Code for Information Security (ISO/IEC 27002) only applies to large companies. Is this statement correct?
26) What is an example of a non-human threat to the physical environment?
27) There is a network printer in the hallway of the company where you work. Many employees don't pick up their printouts immediately and leave them in the printer. What are the consequences of this for the reliability of the information?
28) Which of the following measures is a preventive measure?
29) Which one of the threats listed below can occur as a result of the absence of a physical measure?
30) Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?
31) What is a human threat to the reliability of the information on your company website?
32) What is a risk analysis used for?
33) On the basis of which legislation can someone request to inspect the data that has been registered about him or her?
34) You own a small company in a remote industrial area. Lately, the alarm regularly goes off in the middle of the night. It takes quite a bit of time to respond to it and it seems to be a false alarm every time. You decide to set up a hidden camera. What is such a measure called?
35) Why is it necessary to keep a disaster recovery plan up to date and to test it regularly?
36) Which of these is not malicious software?
37) In order to take out a fire insurance policy, an administration office must determine the value of the data that it manages.
Which factor is not important for determining the value of data for an organization?
38) You have a small office in an industrial area. You would like to analyze the risks your company faces. The office is in a pretty remote location; therefore, the possibility of arson is not entirely out of the question. What is the relationship between the threat of fire and the risk of fire?
39) Security measures can be grouped in various ways. Which of the following is correct?
40) What is an example of an organizational measure?