A loyal customer called the service center to order a product on promotion with 50% off. He visited the company's website to order the same product again but received no discount. He is complaining about it. Which of the following is the best role to address this problem?
A. Data owner
B. Data steward
C. Data custodian
D. Information system owner
As a CISO, which of the following is your most significant responsibility?
A. Classify information assets
B. Position and integrate the security function
C. Conduct security audits to ensure compliance
D. Conduct business impact analysis to determine maximum tolerable downtime
You are one of the business continuity team members and are sitting in a meeting conducting business impact analysis. Critical or prioritized activities that support the delivery of products and services have been identified and are under discussion. Which of the following metrics is most likely not defined for each activity?
A. The time within which the impacts of not resuming activities would become unacceptable
B. The time frames for resuming activities at specified minimum acceptable capacities
C. The minimum business continuity objective (MBCO) or service delivery objective (SDO)
D. The point up to which information and data used by an activity is appropriately current
You work for a system integrator based in the US that provides consulting and maintenance services to banks issuing credit cards. Your company is subject to contractual obligations to be certified by a third-party auditor to provide security assurance. Which of the following is the primary contractual compliance requirement your company shall comply with?
A. Payment Card Industry Data Security Standard (PCI DSS)
B. Service Organization Control (SOC)
C. Gramm-Leach-Bliley Act (GLBA)
D. General Data Protection Regulation (GDPR)
The Bell-LaPadula (BLP) model is a formal access control model built on a finite state machine and a lattice (a partially ordered set of security labels). It controls the simple operation (read) and all other operations (*, e.g., write) that could cause information to flow from a higher level to a lower level, and thereby enforces confidentiality.
The mandatory access control (MAC) mechanism of the TCSEC, aka the Orange Book, is based on the BLP model.
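The following is an added example, not part of the original notes or of the TCSEC: a small Python model of BLP labels as a lattice of (classification, category set) pairs, with the simple security property applied to reads and the *-property applied to writes. The classification ordering, the category names and the sample subject and object labels are constructed assumptions chosen to illustrate the rules, including the case of incomparable labels that a linear ordering alone would miss.

```python
"""Bell-LaPadula read/write decisions over a lattice of security labels.

Added illustration, not code from the original page. A label is a
(classification, categories) pair; labels are partially ordered by
'dominates', which makes them a lattice with join = least upper bound.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Constructed linear ordering of classifications (assumption for this example).
CLASSIFICATIONS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    classification: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Partial order: self >= other iff the classification is at least as
        high AND self's category set is a superset of other's."""
        return (CLASSIFICATIONS[self.classification] >= CLASSIFICATIONS[other.classification]
                and self.categories >= other.categories)

    def join(self, other: "Label") -> "Label":
        """Least upper bound in the lattice: highest classification, union of categories."""
        top = max(self.classification, other.classification, key=CLASSIFICATIONS.__getitem__)
        return Label(top, self.categories | other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ('no read up'): the subject must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ('no write down'): the object must dominate the subject, so
    information never flows to a lower or incomparable label."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, op: str) -> bool:
    """Reference-monitor style decision for 'read', 'write' or 'readwrite'.
    'readwrite' is only allowed when both properties hold, i.e. equal labels."""
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj)
    if op == "readwrite":
        return can_read(subject, obj) and can_write(subject, obj)
    raise ValueError(f"unknown operation: {op}")


if __name__ == "__main__":
    # Constructed sample labels.
    analyst = Label("SECRET", frozenset({"NUC"}))
    memo = Label("CONFIDENTIAL")                       # lower: read ok, write denied
    plan = Label("TOP_SECRET", frozenset({"NUC"}))     # higher: read denied, write ok
    crypto = Label("SECRET", frozenset({"CRYPTO"}))    # incomparable: both denied
    for name, obj in [("memo", memo), ("plan", plan), ("crypto", crypto)]:
        print(f"{name:7} read={decide(analyst, obj, 'read')!s:5} "
              f"write={decide(analyst, obj, 'write')!s:5}")
```

Note that the incomparable label (same classification, different category) is denied in both directions; that is the lattice doing its job, and it is why BLP is described in terms of a partial order rather than a simple hierarchy of levels.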
A newly hired CISO got on board recently. He proposed a grand information security strategy called "zero risks." As the CEO, which of the following should you do?
A. Approve the strategy and report to the board
B. Reject the strategy and ask for a detailed risk assessment
C. Invite feedback from the senior management team and the board
D. Issue a program policy to initiate the information security program
Systems Engineering is a discipline of applying knowledge to create or acquire a system that is composed of interrelated elements collaborating for a common purpose throughout the system development life cycle (SDLC), or system life cycle (SLC). A life cycle is a collection of predefined stages and processes.
Security Engineering is a specialty discipline of systems engineering. It addresses the protection needs or security requirements throughout the system life cycle.
A divestiture (or divestment) is the disposal of a company's assets or a business unit through a sale, exchange, closure, or bankruptcy; it is also a way to stay focused and remain profitable as companies grow and get involved in too many business lines. As a security professional, which of the following should you consider first to facilitate a divestiture?
A. Assets in scope
B. Business disruption
C. Leaks of intellectual property
D. Data privacy non-compliance