ISFS (Information Security Foundation based on ISO/IEC 27002)

1) Why is compliance important for the reliability of the information?
2) An airline company employee notices that she has access to one of the company's applications that she has not used before. Is this an information security incident?
3) You are the first to arrive at work in the morning and notice that the CD ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?
4) The company XYZ seeks certification for its information security management system (ISMS). After carrying out the assets inventory and a risk analysis, the information security officer prepares to issue a list of security measures/controls from good practice, best suited to respond to identified risks. Which standard would she probably use?
5) The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:
-The security requirements for the network are specified.
-A test environment is set up for the purpose of testing reports coming from the database.
-The various employee functions are assigned corresponding access rights.
-RFID access passes are introduced for the building.
Which one of these measures is NOT a technical measure?
6) The Information Security Officer (ISO) of insurance company Euregio wishes to have a list of security measures put together.
What does she first have to do before security measures can be selected?
7) You are the owner of the courier company SpeeDelivery. On the basis of your risk analysis you have decided to take a number of measures. You have daily backups made of the server, keep the server room locked and install an intrusion alarm system and a sprinkler system. Which of these measures is a detective measure?
8) You have a small office in an industrial area. You would like to analyze the risks your company faces. The office is in a pretty remote location; therefore, the possibility of arson is not entirely out of the question. What is the relationship between the threat of fire and the risk of fire?
9) You work for a flexible employer who doesn't mind if you work from home or on the road. You regularly take copies of documents with you on a USB memory stick that is not secure. What are the consequences for the reliability of the information if you leave your USB memory stick behind on the train?
10) You are the owner of SpeeDelivery courier service. Because of your company's growth you have to think about information security. You know that you have to start creating a policy. Why is it so important to have an information security policy as a starting point?
11) Following a risk analysis, your company must implement a technical measure in order to protect sensitive files stored on the main server. Which measure is the most appropriate?
12) We can acquire and supply information in various ways. The value of the information depends on whether it is reliable. What are the reliability aspects of information?
13) What do employees need to know to report a security incident?
14) A fire breaks out in a branch office of a health insurance company. The personnel are transferred to neighboring branches to continue their work.
Where in the incident lifecycle are such stand-by arrangements found?
15) Integrity is the degree to which the information is up to date and without errors. What are integrity characteristics?
16) There was a fire in a branch of the company Midwest Insurance. The fire department quickly arrived at the scene and could extinguish the fire before it spread and burned down the entire premises. The server, however, was destroyed in the fire. The backup tapes kept in another room had melted and many other documents were lost for good. What is an example of the indirect damage caused by this fire?
17) In the reception hall of an administration office, there is a printer which all staff can use in case of emergency. The arrangement is that the printouts are to be collected immediately so that they cannot be taken away by a visitor.
What other risk for the company information does this situation have?
18) What is an example of a security incident?
19) What is an example of a physical security measure?
20) Information has a number of reliability aspects. Reliability is constantly being threatened. Examples of threats are: a cable becomes loose, someone alters information by accident, data is used privately or is falsified.
Which of these examples is the BEST example of a threat to confidentiality?
21) What is the relationship between data and information?
22) An employee in the administrative department of Smith Consultants Inc. finds out that the expiry date of a contract with one of the clients is earlier than the start date. What type of measure could prevent this error?
23) How is the purpose of information security policy best described?
24) Your company is in the news as a result of an unfortunate action by one of your employees. The phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?
25) You work in the IT department of a medium-sized company. Confidential information has got into the wrong hands several times. This has hurt the image of the company. You have been asked to propose organizational security measures for laptops at your company. What is the first step that you should take?
26) A company experiences the following incidents. Which of these incidents is NOT a security incident?
27) Some security measures are optional. Other security measures must always be implemented.
Which measure(s) must always be implemented?
28) What is the greatest risk for an organization if no information security policy has been defined?
29) A possible risk for a company is fire damage. If this threat occurs, that is to say that a fire actually breaks out, direct and indirect damage may result. What is an example of direct damage?
30) What is a human threat to the reliability of the information on your company website?
31) Security measures can be grouped in various ways. Which of the following is correct?
32) Your organization has an office with space for 25 workstations. These workstations are all fully equipped and in use. Due to a reorganization 10 extra workstations are added, 5 of which are used for a call centre 24 hours per day. Five workstations must always be available. What physical security measures must be taken in order to ensure this?
33) Strong authentication is needed to access highly protected areas. In case of strong authentication the identity of a person is verified by using three factors.
Which factor is verified when we must enter a personal identification number (PIN)?
34) What sort of security does a Public Key Infrastructure (PKI) offer?
35) What is an example of a human threat?
36) In the organization where you work, information of a very sensitive nature is processed. Management is legally obliged to implement the highest-level (strictest) security measures. What is this kind of risk strategy called?
37) The Code for Information Security (ISO/IEC 27002) only applies to large companies. Is this statement correct?
38) A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is NOT one of the four main objectives of a risk analysis?
39) You are the owner of a growing company, SpeeDelivery, which provides courier services. You decide that it is time to draw up a risk analysis for your information system. This includes an inventory of the threats and risks. What is the relation between a threat, risk and risk analysis?
40) What is an example of a human threat?