Friday, 27 March 2015

CISSP Exam Preparation (Question 289)

(289) Within the organizational environment, the security function should report to an organizational level that

A. Has information technology oversight.
B. Has autonomy from other levels.
C. Is an external operation.
D. Provides the internal audit function.

Correct Answer: B
Explanation/Reference:

- Idham Azhari

Friday, 20 March 2015

CISSP Exam Preparation (Question 288)

(288) Organizations develop change control procedures to ensure that

A. All changes are authorized, tested, and recorded.
B. Changes are controlled by the Policy Control Board (PCB).
C. All changes are requested, scheduled, and completed on time.
D. Management is advised of changes made to systems.

Correct Answer: A

Explanation/Reference:

"Change Control: Changes must be authorized, tested, and recorded. Changed systems may require recertification and re-accreditation." Pg 699, Shon Harris: All-in-One CISSP Certification

- Idham Azhari

Sunday, 15 March 2015

CHAP 1: Information Security Governance and Risk Management - Introduction

CHAPTER 1: Information Security Governance and Risk Management

Exam Objectives in this Chapter

  • Risk analysis
  • Information security governance

INTRODUCTION

Our job as information security professionals is to evaluate risks against our critical assets and deploy safeguards to mitigate them. We work in various roles as firewall engineers, penetration testers, auditors, management, and the like. The common thread is risk: It is part of our job description.

The Information Security Governance and Risk Management domain focuses on risk analysis and mitigation. It also details security governance, or the organizational structure required for a successful information security program. The difference between organizations that are successful and those that fail in this realm is usually not tied to dollars or staff size: It is tied to the right people in the right roles. Knowledgeable and experienced information security staff and supportive and vested leadership are the keys to success.

Speaking of leadership, learning to speak the language of leaders is another key to personal success in this industry. The ability to effectively communicate information security concepts with C-level executives is a rare and needed skill. This domain also helps you speak this language by discussing risk in terms such as Total Cost of Ownership (TCO) and Return on Investment (ROI).

- Quoted by Idham Azhari from Eleventh Hour CISSP - Study Guide

Friday, 13 March 2015

CISSP Exam Preparation (Question 287)

(287) Information security is the protection of data. Information will be protected mainly based on:

A. Its sensitivity to the company.
B. Its confidentiality.
C. Its value.
D. All of the choices.

Correct Answer: D

Explanation/Reference:

Information security is the protection of data against accidental or malicious disclosure, modification, or destruction. Information will be protected based on its value, confidentiality, and/or sensitivity to the company, and the risk of loss or compromise. At a minimum, information will be update-protected so that only authorized individuals can modify or erase the information.

- Idham Azhari

Friday, 06 March 2015

CISSP Exam Preparation (Question 286)

(286) The security planning process must define how security will be managed, who will be responsible, and

A. What practices are reasonable and prudent for the enterprise.
B. Who will work in the security department.
C. What impact security will have on the intrinsic value of data.
D. How security measures will be tested for effectiveness.

Correct Answer: D
Explanation/Reference:

- Idham Azhari