Which of the following processes help ensure the organization’s capability to acquire and supply products or services through the initiation, support, and control of projects and provide resources and infrastructure necessary to support projects? (Wentz QOTD)
A. Agreement processes
B. Organizational project-enabling processes
C. Technical management processes
D. Technical processes
Attribute-Based Access Control (ABAC) is a logical access control model that is distinguishable because it controls access to objects by evaluating rules against the attributes of the entity’s actions relevant to a request. Which of the following is not a source of attributes used in ABAC? (Wentz QOTD)
A. Security kernel
C. The active party of the request
D. The resource accessed by the subject
After risk assessment, your company plans to equip laptops used by sales representatives with FIPS 140-2 Level 3 compliant self-encrypting drives as a countermeasure to protect around 10% of confidential data stored on hard drives. You are analyzing the residual risk using a quantitative approach in another iteration of risk assessment after the risk treatment. Which of the following is the primary and direct factor subject to change due to the risk treatment? (Wentz QOTD)
A. Asset value
B. Exposure factor
C. Annual loss expectancy
D. Annualized rate of occurrence
An information system needs the official management decision given by a senior organizational official to authorize the operation and to accept the residual risk explicitly. Which of the following provides the final decision? (Wentz QOTD)
A. Risk-based auditing
B. Authoritative accreditation
C. Comprehensive security assessment
D. Third-party security evaluation using objective criteria
An employee reported a sexual harassment case to management. Which of the following should your organization conduct first? (Wentz QOTD)
A. Submit a change request
B. Respond to an E-Discovery request
C. Review the acceptable use policy
D. Initiate administrative investigation
Investigation: systematic or formal process of inquiring into or researching, and examining facts or materials associated with a matter.
Source: ISO/IEC 27035-3:2020 Information technology — Information security incident management — Part 3: Guidelines for ICT incident response operations
Evidence: Grounds for belief or disbelief; data on which to base proof or to establish truth or falsehood.
Note 1: Evidence can be objective or subjective. Evidence is obtained through measurement, the results of analyses, experience, and the observation of behavior over time.
Note 2: The security perspective places focus on credible evidence used to obtain assurance, substantiate trustworthiness, and assess risk.
Source: NIST SP 800-160 Vol. 1
Evidence: information supporting the occurrence of an event or action.
Note 1 to entry: Evidence does not necessarily prove the truth or existence of something but can contribute to the establishment of such a proof.
Source: ISO/IEC 13888-1:2020 Information security — Non-repudiation — Part 1: General
Forensics: The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
Source: CNSSI 4009-2015
Digital forensics: In its strictest connotation, the application of computer science and investigative procedures involving the examination of digital evidence – following proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possibly expert testimony.
Source: CNSSI 4009-2015 from DoDD 5505.13E
Forensic science: The use or application of scientific knowledge to a point of law, especially as it applies to the investigation of crime.
Source: NISTIR 8006 from SWDGE v2.0
Forensic copy: An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.
Source: CNSSI 4009-2015 from NIST SP 800-72
- Investigation: a formal and systematic inquiry, examination and study undertaken to gain a thorough understanding of the facts about specific persons, events or things.
- Evidence: information that can support or prove an event, an action, or a determination of whether a fact is true or false.
- Forensics: the collection, preservation and analysis of evidence undertaken for the purposes of legal investigation and prosecution.
A financial specialist in your company needs a specific version of a spreadsheet application that is listed in your company’s whitelist of approved software. As a member of the IT support team, which of the following should you do first? (Wentz QOTD)
A. Submit a change request to install the specified software
B. Download the software from the open-source community
C. Ensure the software is the latest version
D. Install the software stored on the company’s distribution points
Which of the following is least subject to licensing requirements? (Wentz QOTD)
A. Use of open source software components
B. Use of a sign which identifies products or services of a particular source from those of others
C. Use of a patented algorithm that belongs to the public domain
D. Use of a copyrighted document with a watermark
Which of the following is least likely to be used to implement authentication? (Wentz QOTD)
A. Public key infrastructure
D. HTTP Basic Authentication