Why do organizations have an information security policy?

A. In order to demonstrate the operation of the Plan-Do-Check-Act cycle within an organization.

B. In order to ensure that staff do not break any laws.

C. In order to give direction to how information security is set up within an organization.

D. In order to ensure that everyone knows who is responsible for carrying out the backup procedures.

Which of the following measures is a corrective measure?

A. Incorporating an Intrusion Detection System (IDS) in the design of a computer centre

B. Installing a virus scanner in an information system

C. Making a backup of the data that has been created or altered that day

D. Restoring a backup of the correct database after a corrupt copy of the database was written over the original

In the organization where you work, information of a very sensitive nature is processed. Management is legally obliged to implement the highest-level security measures. What is this kind of risk strategy called?

A. Risk bearing

B. Risk avoiding

C. Risk neutral

What is an example of a good physical security measure?

A. All employees and visitors carry an access pass.

B. Printers that are defective or have been replaced are immediately removed and given away as garbage for recycling.

C. Maintenance staff can be given quick and unimpeded access to the server area in the event of disaster.

What is the goal of an organization's security policy?

A. To provide direction and support to information security

B. To define all threats to and measures for ensuring information security

C. To document all incidents that threaten the reliability of information

D. To document all procedures required to maintain information security