This chapter is supplemental to and coordinated with the Security Management chapter in the CISSP Prep Guide. The fundamentals of security management are covered in Chapter 1 of the CISSP Prep Guide at a level on par with that of the CISSP Examination.
It is assumed that the reader has a basic knowledge of the material contained in Chapter 1 and has the CISSP Prep Guide available to provide background information for the advanced questions pertaining to the Security Management chapter.
In the Security Management question areas, we will discuss data classification, security awareness, risk analysis, information system policies, and roles in information protection.
Advanced Sample Questions
- Which choice below most accurately reflects the goals of risk mitigation?
  - Defining the acceptable level of risk the organization can tolerate, and reducing risk to that level
  - Analyzing and removing all vulnerabilities and threats to security within the organization
  - Defining the acceptable level of risk the organization can tolerate, and assigning any costs associated with loss or disruption to a third party, such as an insurance carrier
  - Analyzing the effects of a business disruption and preparing the company's response
- Which answer below is the BEST description of a Single Loss Expectancy (SLE)?
  - An algorithm that represents the magnitude of a loss to an asset from a threat
  - An algorithm that expresses the annual frequency with which a threat is expected to occur ...