SoCI (as it pertains to the Australian law concerned with cybersecurity) stands for:

Security of Critical Infrastructure

Statement of Comprehensive Income

Security of Critical Identities

Standard Optimum Control Integral

Which of the following can be considered mission-critical assets:

Cryptographic information, network topology, cost structure and price calculations, sales pipeline

Information or details relating directly to an individual, such as employees, customers or citizens

Proprietary algorithms, logistics arrangements, formulas, board papers

Customer profile database (containing pii), tax records, competitor analysis, non-competition agreements

What could be considered as an example of a potential security implication for the creation stage of the information lifecycle?

Photocopying board meeting notes discussing divestiture plans, e.g., to read on the train

A business user incorrectly updating the pricing points for a differentiating product

Information about a non-competition agreement stored on a personal tablet for offline reference

Misaddressing an email containing details of yet-to-be-announced redundancy plans

Leaving the recipe for a foodstuff that defines the brand of an organisation on the hard drive of a laptop sent for destruction

What are possible outcomes of a risk that has been identified and analysed in a risk management process?

Acceptance, avoidance, mitigation, transfer

Acceptance, avoidance, mitigation, transfer, residual

Acceptance, elimination, reduction, transfer

Acceptance, avoidance, elimination, mitigation, transfer

To what audience should communication about new information risks be sent?

Security steering committee and executive management

What is usually the primary objective of risk management?

Fewer and less severe security incidents

The formula to calculate the residual risk level is…

(Probability of adverse event ÷ Mitigation factor) × Impact

Probability of threat event × Impact

Probability of adverse event ÷ Mitigation factor

Probability of threat event × Mitigation factor

What is the best method for ensuring that an organisation’s security program achieves adequate business alignment?

Understand the organisation’s vision, mission statement, and objectives

Find and read the organisation’s articles of incorporation

Study the organisation’s chart of management reporting (the 'org chart')

Study the organisation’s financial chart of accounts

You have implemented a web gateway that blocks access to a social networking site. How would you categorise this type of security control?

It is a technical type of control and acts as a preventive measure

It is an administrative type of control and acts as a deterrent measure

It is an administrative type of control and acts as a preventive measure

It is a technical type of control and acts as a deterrent measure

How do you achieve layered security?

By providing a diversity of types of controls and sourcing controls from a number of different vendors

By considering the CIA triad when implementing controls

By considering the defence in depth when implementing controls

If a security control is described as administrative and compensating, what can you determine about its nature and function?

That the control is enforced by a procedure or policy that shapes the way people act and that the control mitigates its impact in some way

That the control is enforced by a technical system and that the control prevents an attack

That the control is enforced by a procedure or policy that shapes the way people act and that the control mitigates its likelihood in some way

That the control is enforced by a technical system and that the control delays an attack

An organisation’s board of directors wants to see quarterly metrics on risk reduction. What would be the best metric for this purpose?

Time to patch vulnerabilities on critical servers

Number of firewall rules triggered

Viruses blocked by antivirus programs

Packets dropped by the firewall

Which of the following metrics is the best example of a leading indicator?

Percentage of critical servers being patched within Service Level Agreements (SLAs)

Average time to mitigate security incidents

Increase in the number of attacks blocked by the Intrusion Prevention System (IPS)

Increase in the number of attacks blocked by the firewall

The purpose of control self-assessments is to:

Reinforce accountability for control effectiveness

Transfer risk to control owners

Reduce workload in internal audit

ISYS3439 - Cyber GRC

Authored by Nebs P

Other

University

Used 10+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

26 questions

Show all answers

MULTIPLE CHOICE QUESTION

20 sec • 5 pts

The CIA triad is a prominent information security model defining which three central aspects of information security?

Confidentiality, integrity, and accountability

Classification, integrity, and accountability

Confidentiality, identity, and accessibility

Confidentiality, integrity, and availability

MULTIPLE CHOICE QUESTION

20 sec • 5 pts

Which of vulnerability, threat, and risk would be assessed by likelihood and impact?

Vulnerability

Threat

Risk

All 3

MULTIPLE CHOICE QUESTION

20 sec • 5 pts

What are the 5 major stages of the NIST CSF?

Identify, Protect, Detect, Respond, Recover

Identify, Prevent, Detect, Respond, Recover

Identify, Protect, Deflect, Respond, Recover

Identify, Protect, Detect, Respond, Return

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

Control diversity means:

That the layers of controls should combine different classes of technical and administrative controls with the range of control types

That the layers of controls should combine different classes of technical and physical controls with the range of control types

That the layers of controls should combine different classes of physical and administrative controls with the range of control types

That the layers of controls should combine different classes of technical, administrative and physical controls with the range of control types

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

Choose the option that best describes the concept of least privilege:

For a critical business function to be secure, it may be necessary to ensure that no one person can perform that function

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role

Enforcing a security role by separating it from the network or access by the rest of the network

Screening new employees through background checks, ensuring employees are set up with the correct privileges when they join or change job roles, and ensuring that privileges are revoked if the employee is fired or retires

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

A security policy:

Defines the scope of security needed by the organisation and discusses the assets that require protection and the extent to which security solutions should go to provide the necessary protection

Is a set sequence of necessary activities that performs a specific security task or function

Provides practical guidance on how an organisation can protect their systems and data from cyber threats

Defines a minimum level of security that every system throughout the organisation must meet

MULTIPLE SELECT QUESTION

20 sec • 5 pts

Which of the following is free? (Multiple answers may apply)

ISO 27001

NIST CSF

COBIT

ITIL

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

22 questions

Quiz sur le Management et le Marketing Digital

Quiz

•

University

22 questions

Dermatologic Disorders Tier 2

Quiz

•

University

24 questions

Quiz on Swachhta

Quiz

•

University

25 questions

UF1.1 El Sistema Elèctric

Quiz

•

University

22 questions

Guess The Rapper?

Quiz

•

7th Grade - Professio...

21 questions

Star Wars quiz

Quiz

•

KG - Professional Dev...

22 questions

Chapter 10 Crowdfunding

Quiz

•

University

21 questions

Science group quiz no 1

Quiz

•

KG - Professional Dev...

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

10 questions

Probability Practice

Quiz

•

4th Grade

15 questions

Probability on Number LIne

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

6 questions

Appropriate Chromebook Usage

Lesson

•

7th Grade

10 questions

Greek Bases tele and phon

Quiz

•

6th - 8th Grade

Discover more resources for Other

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

20 questions

Endocrine System

Quiz

•

University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

30 questions

W25: PSYCH 250 - Exam 2 Practice

Quiz

•

University

5 questions

Inherited and Acquired Traits of Animals

Interactive video

•

4th Grade - University

20 questions

Implicit vs. Explicit

Quiz

•

6th Grade - University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University

38 questions

Unit 8 Review - Absolutism & Revolution

Quiz

•

10th Grade - University

ISYS3439 - Cyber GRC

The CIA triad is a prominent information security model defining which three central aspects of information security?

Which of vulnerability, threat, and risk would be assessed by likelihood and impact?

What are the 5 major stages of the NIST CSF?

Control diversity means:

Choose the option that best describes the concept of least privilege:

A security policy:

Which of the following is free? (Multiple answers may apply)

SoCI (as it pertains to the Australian law concerned with cybersecurity) stands for:

Which of the following can be considered mission-critical assets:

Which of the following threat actors is typically not considered adversarial?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other