Friday, September 26, 2014

CISSP Exam Preparation (Question 263)

(263) Why must senior management endorse a security policy?

A. So that they will accept ownership for security within the organization.
B. So that employees will follow the policy directives.
C. So that external bodies will recognize the organization's commitment to security.
D. So that they can be held legally accountable.

Correct Answer: A

Explanation/Reference:
This really does not need a reference, as it should be known. Upper management is legally accountable (up to 290 million fine). The external organizations answer is not really too pertinent (however, it is stated that other organizations will respect a BCP and disaster recovery plan). Employees need to be bound to the policy regardless of who signs it, but the endorsement gives it validity. Ownership is the correct answer in this statement. However, here is a reference.
"Fundamentally important to any security program's success is the senior management's high-level statement of commitment to the information security policy process and a senior management's understanding of how important security controls and protections are to the enterprise's continuity. Senior management must be aware of the importance of security implementation to preserve the organization's viability (and for their own 'due care' protection) and must publicly support that process throughout the enterprise."
- Ronald Krutz, The CISSP PREP Guide (gold edition), pg 13

- Muhammad Idham Azhari

Friday, September 19, 2014

CISSP Exam Preparation (Question 262)

(262) What is the function of a corporate information security policy?

A. Issue corporate standard to be used when addressing specific security problems.
B. Issue guidelines in selecting equipment, configuration, design, and secure operations.
C. Define the specific assets to be protected and identify the specific tasks which must be completed to secure them.
D. Define the main security objectives which must be achieved and the security framework to meet business objectives.

Correct Answer: D

Explanation/Reference:
Information security policies are high-level plans that describe the goals of the procedures or controls.
Policies describe security in general, not specifics. They provide the blueprint for an overall security program just as a specification defines your next product.
- Roberta Bragg CISSP Certification Training Guide (que) pg 587

- Muhammad Idham Azhari

Friday, September 12, 2014

CISSP Exam Preparation (Question 261)

(261) Which of the following department managers would be best suited to oversee the development of an information security policy?

A. Information Systems
B. Human Resources
C. Business operations
D. Security administration

Correct Answer: C

Explanation/Reference:

None

- Muhammad Idham Azhari

Friday, September 5, 2014

CISSP Exam Preparation (Question 260)

(260) Which of the following would be the first step in establishing an information security program?

A. Adoption of a corporate information security policy statement
B. Development and implementation of an information security standards manual
C. Development of a security awareness-training program
D. Purchase of security access control software

Correct Answer: A

Explanation/Reference:

None

- Muhammad Idham Azhari