Information Security Quiz

The likelihood that a threat will occur regardless of vulnerabilities

The potential for loss or damage when a threat exploits a vulnerability

The vulnerability of an asset to any external threat

The total number of threats identified in an organization

Software applications

Employee personal opinions

Hardware devices

Organizational data

A threat actor targeting an organization

A weakness that can be exploited by a threat

A security control implemented to reduce risk

An event causing damage to an asset

To categorize assets by value

To determine the order in which risks should be mitigated

To decide which threats to ignore

To classify vulnerabilities by severity

Firewall

Intrusion Detection System (IDS)

Regular data backups

Strong password policies

Acceptance involves transferring risk to a third party, avoidance does not

Acceptance means no action is taken to mitigate risk, avoidance means eliminating the risk source

Acceptance requires implementing corrective controls, avoidance requires preventive controls

Acceptance is used only for low risks, avoidance only for high risks

Data Protection Policy

Acceptable Use Policy

Password Policy

Incident Response Policy

They provide technical specifications for security tools

They outline legal and contractual security requirements

They eliminate all security risks

They replace the need for risk assessments

A US-specific security framework focusing on incident response

An international standard emphasizing risk management and ISMS implementation

A set of prioritized controls for practical system protection

A guideline for disaster recovery planning only

Identify, Protect, Detect, Respond, Recover

Assess, Mitigate, Monitor, Report, Review

Prevent, Detect, Correct, Avoid, Transfer

Plan, Implement, Test, Evaluate, Document