Deck 5: Fraud Prevention and Risk Management
1
Which of the following is an information security deliverable?
A) Information-security-related processes.
B) Software and hardware products.
C) Security-related personnel.
D) All of the above.
D
2
How many increasing levels of Evaluation Assurance Levels (EALs) are there?
A) 1.
B) 3.
C) 5.
D) 7.
D
3
Which of the following best describes a Passive Threat?
A) A hacker destroying the Accounts Payable files.
B) A disgruntled employee destroying the Accounts Payable files.
C) A Vendor destroying the Accounts Payable files.
D) A flood destroying the Accounts Payable files.
D
4
Which of the following types of assets require protection according to the ISO standards?
A) Human Resource.
B) Information Assets.
C) Software Assets.
D) All of the above.
5
What forms of assurance exist for information security?
A) Informal or Semi-formal.
B) Formal Certification by an Accredited Certification Body.
C) Self Certification.
D) All of the above.
6
How can an organization obtain an evidence-based assertion that increases its certainty that a security-related deliverable can withstand specified security threats?
A) Through Risk Analysis Matrix.
B) Through Information security assurance (ISA).
C) Through Internal Controls.
D) Through hiring hackers to test the system.
7
What does the standard ISO 27002 highlight?
A) Controls that are essential due to legislation.
B) Controls That Exist in Common Practice for Accounting Standards.
C) Controls that exist to conform to GAAP.
D) All of the above.
8
What does a Gap Analysis focus on?
A) The uncovered security area between a company's firewall and its internet service provider's security programs.
B) Identifying needed controls that are not already in place.
C) The background investigations of employees.
D) All of the above.
9
The levels of Evaluation Assurance Levels do what for each other?
A) Contradict.
B) Complement.
C) Provide increasing levels of assurance.
D) Negate.
10
The ISO "Family" that promulgates information security standards is:
A) 9000.
B) 15000.
C) 17000.
D) 27000.
11
____________ are systems-related individuals or events that can result in losses to the organization.
A) Threats.
B) Vulnerabilities.
C) Risks.
D) Any of the above.
12
What are the three options when dealing with Risk Management?
A) Accept the risk, Resolve the risk, Counteract the risk.
B) Ignore the risk, Insure the risk, Write policies against the risk.
C) Accept the risk, Insure the risk, Implement controls against the risk.
D) Accept the risk, Insure the risk, Admonish employees who cause the risk.
13
What is the Statement of Applicability (SOA) and what should it be consistent with?
A) The SOA is the end-product of the risk-assessment process and should be consistent with the ISMS policy developed in the early stages of the PDAC process.
B) The SOA is the first draft of the risk-assessment process and should be consistent with the ISMS policy developed in the early stages of the PDAC process.
C) The SOA is the end-product of the risk-assessment process and should be contradictory to the ISMS policy developed in the later stages of the PDAC process.
D) The SOA should be consistent with the risk assessment standards found in ISO 9002.
14
Which of the following best describes an Active Threat?
A) A flood destroying the Accounts Payable files.
B) A hacker destroying the Accounts Payable files.
C) A fire destroying the Accounts Payable files.
D) A computer malfunction destroying the Accounts Payable files.
15
An organizational internal control process that ensures confidentiality, integrity, and availability within the company is called:
A) An information security deliverable.
B) An information security management system.
C) Enterprise risk management.
D) Planning-Doing-Checking-Acting.
16
When developing an ISMS, how many phases are there?
A) 3.
B) 4.
C) 5.
D) 6.
17
Which of the following are access security levels within a corporation?
A) Unclassified, Shared, Company Only, Confidential.
B) Unclassified and classified.
C) Unclassified, Secret, Top Secret and Eyes Only.
D) Public, private and executive.
18
What are the 3 ISMS security objectives?
A) Assess, modify, implement.
B) Integrate, evaluate, modify.
C) Confidentiality, integrity, availability.
D) Integrity, evaluation, implementation.
19
An information security deliverable, information security management system and enterprise risk management are generally a part of a company's:
A) Internal Controls.
B) External Controls.
C) Detective Controls.
D) Preventative Controls.
20
Who is/are the International Standard Organization (ISO)?
A) A group of Forensic Accountants who develop internal control standards.
B) A membership organization for Information Security Managers.
C) An international group that promulgates standards relating to business processes.
D) A U.S. Governmental organization similar to the SEC that regulates computer fraud and information security.
21
Compare and contrast Trusted Product Evaluation Program (TPEP) and the Trust Technology Assessment Program (TTAP).
22
What is the best approach to data protection?
A) Firewalls.
B) Intrusion detection controls.
C) Risk Management Policies.
D) Layered Approach.
23
How could Information security assurance (ISA) be implemented at your business or college?
24
The formal written disaster management and recovery plan should name one person within the organization as what?
A) Emergency response director.
B) Data recovery officer.
C) Chief information officer.
D) Emergency recovery specialist.
25
Describe the risk assessment three-step process.
26
Incident handling applies primarily to the check (continuous evaluation) phase in the _______ methodology.
A) ISO.
B) SOA.
C) ISMS.
D) PDAC.
27
Which of the following is not a layer of data protection?
A) Network layer.
B) Internal control layer.
C) Application layer.
D) Database layer.
28
What are some possible strategies for Risk Management/Treatment?
29
Security engineering refers to what?
A) The physical design of a security system.
B) The application of engineering concepts to the development of security processes.
C) The GAAP standards that apply to protecting accounting records.
D) All of the above.
30
What is supposed to happen under information security incident management?
31
Describe the ISMS Life Cycle and PDCA.
32
If your process has reached maturity, and has achieved lower costs, shorter development times, higher quality, and higher productivity, then it must have:
A) Process predictability.
B) Process control.
C) Process compliance.
D) Process effectiveness.
33
The Certified Information Systems Security Professional (CISSP) certification tests what?
A) Individuals.
B) Organizations.
C) Processes.
D) Systems.
34
How is Information Security Assurance achieved?
35
What is Federal Information Processing Standard 140 (FIPS 140) and what does it define?
36
Assessing risks involves:
A) Threat analysis.
B) Vulnerability analysis.
C) Risk analysis.
D) Both a and
37
Who developed Trusted Product Evaluation Program (TPEP)?
A) NASA.
B) NSA.
C) CIA.
D) FBI.
38
Explain how the ISO promulgates standards in "families" and what that means.
39
With regard to the total destruction that occurs during a disaster, when does most of the damage occur?
A) During the disaster.
B) After the disaster, but before the recovery.
C) During the recovery.
D) When employees overreact.
40
Who are some types of individuals posing active and passive threats?
41
Threats are systems-related individuals or events that can result in losses to the organization.
42
Gap analysis focuses on identifying needed governmental controls that are not already in place.
43
The assurance authority in a business would decide who to consult for assurances on deliverables.
44
Single security standards, even when properly implemented, generally do not lead to complete security assurances in terms of all assessment approaches and life-cycle phases.
45
The ISMS is a stand-alone process.
46
Process control means that the process produces results that are consistent and according to plans.
47
Some of the Certified Information Systems Security Professional criteria are: Access Control Systems & Methodology, Applications & Systems Development, Business Continuity Planning, Cryptography, Law, Investigation & Ethics, Operations Security.
48
Some information security assurances involve parties such as local, state, national and international governments and organizations; organizational policy makers (e.g., for policies relating to security, personnel, procurement, and marketing); and end users (including consumer and business users).
49
Software assets include data and information of all types, including for example, data files, accounting information, plans and strategies, policies, intellectual property, documentation, user manuals, training manuals, policies and procedures.
50
The normal approach to penetration testing is to attempt to exploit all possible vulnerabilities.