You learned from the news that the World Health Organization (WHO) is closely monitoring a novel deadly coronavirus under spreading. As a CISO, which of the following will you do first?
A. Implement emergent update for latest antivirus signatures
B. Conduct the exercise of the Occupant Emergency Plan (OEP)
C. Enable the incident response plan and security incident response team
D. Review and test the business continuity plan (BCP)
Continue reading →

As a CISSP working for a direct bank based in Taiwan that relies entirely on internet banking, you are participating in a development meeting for threat modeling the customer relationship management (CRM) system, a web application. A member identifies an attack vector that malicious users might manipulate query parameters in the URL resulting in a server buffer overflow. Which of the following should be conducted first?
A. Replace the static array as the buffer with a dynamic one
B. Refer to OWASP Top 10 for suggested solutions
C. Evaluate how easy for a malicious user to make it
D. Authenticate every user input
Continue reading →

As a CISSP working for a direct bank based in Taiwan that relies entirely on internet banking that involves credit card business, you are reviewing compliance requirements. Which of the following is least related to the compliance issue?
A. Customer’s contracts
B. Foreign laws
C. (ISC)² Code of Ethics
D. Due diligence in mergers and acquisitions
Continue reading →

Coming soon!

Working hard on organizing knowledge points into models.

As a CISSP working for a direct bank based in Taiwan that relies entirely on internet banking, you are collaborating with the software development team of the customer relationship management (CRM) system to address security concerns. Which of the following approaches or standards will you least likely to employ?
A. Security function
B. XP (eXtreme Programming)
C. ISO 15288
D. The Sherwood Applied Business Security Architecture (SABSA)
Continue reading →

Enterprise architecture is a structural expression of an enterprise from various perspectives, such as:

• Business: products and services
• Structure: organizational units and people
• Processes: value chains and information and material flow
• Technologies: infrastructure, systems, and data

As a result, enterprise architecture helps in 1) realizing an organization and its operations, 2) communicating needs and requirements, and 3) designing and developing systems.

An enterprise architecture framework provides principles and practices for creating and using the architecture description of an enterprise.

Zachman (1987), TOGAF (1995), and the Federal Enterprise Architecture Framework (1999) are well-known enterprise architecture frameworks.

References

• Enterprise architecture framework
• A Comparison of the Top Four Enterprise Architecture Approaches in 2014

As a CISO working for a direct bank based in Taiwan that relies entirely on internet banking, you are collaborating with the Human Resources (HR) department to improve personnel security. Which of the following will you suggest to review first?
A. Role-based access control mechanisms
B. Background investigation procedures
C. Implementation of separation of duties
D. Effectiveness and correctness of job descriptions
Continue reading →