CISSP DOMAIN 1 (Security and Risk Management)

Tom is responsible for his company information security awareness program. He has concerns that the rapid change in technology may make the content outdated. What control can he put in place to protect against this risk?

You are writing a report to management on the results of a recent risk assessment you conducted. In your report you need to identify the remaining level of risk to the company after the adoption of security controls. What is the term used to describe the risk?

Chan Brothers is an established travel agency in Singapore. They conduct regional tours. Since it is travel hub, many nationalities travel through Singapore and may take tours to the other destinations from it. They receive a request from one of their past EU customers to request for his account to be terminated. Under the General Data Protection Regulation (GDPR) there is a clause that states that individuals may request for their personal data to be no longer processed or disseminated. The clause is:

Sabrina conducted a risk assessment and commended to purchase cyber breach insurance. What type of risk response is that?

Neal is speaking to his Board of Directors about their responsibility for reviewing the cybersecurity controls of the organization. What rule requires that senior executives take personal responsibility for information security matters?

Alex is a forensics investigator. While investigating a cyber security incident, he discovers that an attacker had used a normal user account but managed to exploit a vulnerability in one of the systems through providing that account with administrative rights. What type of attack took place under the STRIDE threat model?

After completing a Business Continuity Planning you decided to accept one of the risks. What should you so next?