Question $1$

A champion is a project manager, who may be a departmental line manager or staff unit manager, and has expertise in project management and information security technical requirements.

Group of answer choices

True

False

Question $2$

A managerial guidance SysSP document is created by the IT experts in a company to guide management in the implementation and configuration of technology.

Group of answer choices

True

False

Question $3$

What three purposes does the ISSP serve?

Question $4$

If you work for a financial services organization such as a bank or credit union, which $1999$ law affects your use of customer data? What other effects does it have?

Question $5$

How do security considerations for temporary or contract employees differ from those for regular full$-$time employees?

Question $6$

a$)$ Job $\_\_\_\_\_$ can greatly increase the chance that an employee$$s misuse of the system or abuse of information will be detected by another employee.

b$)$ The $\_\_\_\_\_$ is a respected professional society that was established in $1947$ as $$the world$$s first educational and scientific computing society.$$

c$)$ The business $\_\_\_\_\_$ analysis is a preparatory activity common to both CP and risk management,

d$)$ The Internet brought $\_\_\_\_\_\_\_\_$ to virtually all computers that could reach a phone line or an Internet$-$connected local area network.

Question $7$

Risk $\_\_\_\_\_$ is the application of security mechanisms to reduce the risks to an organization$$s data and information systems.

choose the correct answer

a$)$treatment

b$)$assessment

c$)$identification

d$)$avoidance

Question $8$

Risk $\_\_\_\_\_$ is the assessment of the amount of risk an organization is willing to accept for a particular information asset, typically synthesized into the organization$$s overall risk appetite.

Choose the correct answer

a$)$tolerance

b$)$baseline

c$)$residual

d$)$benefit

Question $9$

There are $12$ general categories of threat to an organization's people, information, and systems. List at least six of the general categories of threat and identify at least one example of those listed

Question $10$

Provide an example of security policy for double authentication $($or called Multi Factor Authentication$),$ standard, practice, procedure, guidelines?

Question $11$

What functions does the CISO perform? list at least $4$ functions

Question $12$

Calculate the Risk value of the following:

a$)$ Customer service request via email $($Vulnerability: Email Disruption due to power failure $)$ with Probability $3,$ Impact $3$

b$)$ Customer Order via SSL $($Vulnerability: Lost orders due to Web Server or ISP service failure$)$ with Probability $2,$ Impact $5$

Which one of the above scenarios has higher risk?

Question $13$

List in order the Continuity Planning major components.

Question $14$

What are difference between Recovery Time Objective $($RTO$),$ and Recovery Point Objective $($RPO$),$ provide example how these two terms can be utilized when determining Business Process and Recovery?

Question $15$

Under Risk Management analysis, there are two key areas, Name them, and how would they connect to each other?