The company Midwest Insurance has taken many measures to protect its information. It uses an Information Security Management System, the input and output of data in applications is validated, confidential documents are sent in encrypted form and staff use tokens to access information systems. Which of these is not a technical measure?
A. Information Security Management System
B. The use of tokens to gain access to information systems
C. Validation of input and output data in applications
D. Encryption of information
Peter works at the company Midwest Insurance. His manager, Linda, asks him to send the terms and conditions for a life insurance policy to Rachel, a client. Who determines the value of the information in the insurance terms and conditions document?
A. The recipient, Rachel
B. The person who drafted the insurance terms and conditions
C. The manager, Linda
D. The sender, Peter
A non-human threat for computer systems is a flood. In which situation is a flood always a relevant threat?
A. If the risk analysis has not been carried out.
B. When computer systems are kept in a cellar below ground level.
C. When the computer systems are not insured.
D. When the organization is located near a river.
You are a consultant and are regularly hired by the Ministry of Defense to perform analysis. Since the assignments are irregular, you outsource the administration of your business to temporary workers. You don't want the temporary workers to have access to your reports. Which reliability aspect of the information in your reports must you protect?
A. Availability
B. Integrity
C. Confidentiality
What is the relationship between data and information?
A. Data is structured information.
B. Information is the meaning and value assigned to a collection of data.
Midwest Insurance grades the monthly report of all claimed losses per insured as confidential. What is accomplished if all other reports from this insurance office are also assigned the appropriate grading?
A. The costs for automating are easier to charge to the responsible departments.
B. A determination can be made as to which report should be printed first and which one can wait a little longer.
C. Everyone can easily see how sensitive the reports' contents are by consulting the grading label.
D. Reports can be developed more easily and with fewer errors.
Midwest Insurance controls access to its offices with a passkey system. We call this a preventive measure. What are some other measures?
A. Detective, repressive and corrective measures
B. Partial, adaptive and corrective measures
C. Repressive, adaptive and corrective measures
You read in the newspapers that the ex-employee of a large company systematically deleted files out of revenge on his manager. Recovering these files caused great losses in time and money. What is this kind of threat called?
A. Human threat
B. Natural threat
C. Social Engineering
Which is a legislative or regulatory act related to information security that can be imposed upon all organizations?
A. ISO/IEC 27001:2005
B. Intellectual Property Rights
C. ISO/IEC 27002:2005
D. Personal data protection legislation
You are the first to arrive at work in the morning and notice that the CD ROM on which you saved contracts yesterday has disappeared. You were the last to leave yesterday. When should you report this information security incident?
A. This incident should be reported immediately.
B. You should first investigate this incident yourself and try to limit the damage.
C. You should wait a few days before reporting this incident. The CD ROM can still reappear and, in that case, you will have made a fuss for nothing.