What is the greatest risk for an organization if no information security policy has been defined?
A. Information security activities are carried out by only a few people.
B. If everyone works with the same account, it is impossible to find out who worked on what.
C. It is not possible for an organization to implement information security in a consistent manner.
D. Too many measures are implemented.
Correct answer: C
Question 2:
What is the most important reason for applying the segregation of duties?
A. Segregation of duties makes it easier for a person who has finished his or her part of the work to take time off or to take over the work of another person.
B. Segregation of duties makes it clear who is responsible for what.
C. Tasks and responsibilities must be separated in order to minimize the opportunities for business assets to be misused or changed, whether the change be unauthorized or unintentional.
D. Segregation of duties ensures that, when a person is absent, it can be investigated whether he or she has been committing fraud.
Correct answer: C
Question 3:
What do employees need to know to report a security incident?
A. Who is responsible for the incident and whether it was intentional.
B. Whether the incident has occurred before and what was the resulting damage.
C. The measures that should have been taken to prevent the incident in the first place.
D. How to report an incident and to whom.
Correct answer: D
Question 4:
Why is compliance important for the reliability of the information?
A. When an organization adopts a standard such as ISO/IEC 27002 and applies it everywhere, it is compliant and therefore guarantees the reliability of its information.
B. By meeting the legislative requirements and the regulations of both the government and internal management, an organization shows that it manages its information in a sound manner.
C. Compliance is another word for reliability. So, if a company indicates that it is compliant, it means that the information is managed properly.
D. When an organization is compliant, it meets the requirements of privacy legislation and, in doing so, protects the reliability of its information.
Correct answer: B
Question 5:
What is the best description of a risk analysis?
A. A risk analysis helps to estimate the risks and develop the appropriate security measures.
B. A risk analysis is a method of mapping risks without looking at company processes.
C. A risk analysis calculates the exact financial consequences of damages.
Correct answer: A
松涛** -
ISO-IEC-LI is very easy to read and the content is easy to understand.
I think it is an efficiently organized ISO-IEC-LI reference book.