Teacherbot 10 Jan, 18:38:25

ISMS and user acceptance policy

  1. What does ISMS stand for?
     A. Information System Monitoring System
     B. Information Security Management System
     C. Intelligent Security Management System
     D. Internet Security Monitoring System

Answer: B. Information Security Management System

  2. Who is responsible for developing, implementing and maintaining an ISMS?
     A. IT manager
     B. Information security officer
     C. Network administrator
     D. System analyst

Answer: B. Information security officer

  3. What documents are required when managing and maintaining an ISMS?
     A. Security policy documents, procedure documents and user acceptance documents
     B. Risk Analysis documents, regulatory documents and access control documents
     C. Software configuration document, Access matrix document, change management document
     D. Data protection documents, Backup documents, Disaster recovery documents

Answer: A. Security policy documents, procedure documents and user acceptance documents

  4. What does a user acceptance policy mainly focus on?
     A. Determining the scope, objectives and goals of an ISMS
     B. Ensuring user’s data is kept confidential
     C. Establishing rules for acceptable user behaviour
     D. Ensuring user security training is kept up-to-date

Answer: C. Establishing rules for acceptable user behaviour

  5. What is the main purpose of a user acceptance policy?
     A. To protect the physical premises
     B. To regulate user behaviour on networks
     C. To protect against data breaches
     D. To protect against external attacks

Answer: B. To regulate user behaviour on networks

  6. What is the first step in establishing a user acceptance policy?
     A. Setting expectations for user behaviour
     B. Identifying scope of policy
     C. Identifying stakeholders
     D. Defining responsibilities

Answer: B. Identifying scope of policy

  7. What components should be included in a user acceptance policy?
     A. Password security measures, access control measures and acceptable use policy
     B. Data protection measures, backup measures and disaster recovery plan
     C. System security measures, user security training and change control management
     D. Authentication methods, firewalls and intrusion detection systems

Answer: A. Password security measures, access control measures and acceptable use policy

  8. What is the role of policy management in information security?
     A. To prevent system failure
     B. To monitor user behaviour
     C. To define acceptable behaviour standards
     D. To make sure data is kept secure

Answer: C. To define acceptable behaviour standards

  9. What is the purpose of a risk assessment in developing an ISMS?
     A. To identify potential threats and assess their impact
     B. To identify and assess the current level of risk
     C. To define user roles and responsibilities
     D. To enforce the need for security controls

Answer: A. To identify potential threats and assess their impact

  10. What are the steps to be taken in implementing an ISMS?
     A. Develop policy, assess risks, design controls and monitor
     B. Develop policy, audit security, define controls and monitor
     C. Validate policy, assess risks, design controls and enforce
     D. Validate policy, audit security, define controls and enforce

Answer: A. Develop policy, assess risks, design controls and monitor