BCS CISMP-V9 BCS Foundation Certificate in Information Security Management Principles V9.0 Exam Practice Test

Answer : C

which appears to be a typographical error for ISO 15489. ISO 15489 is the international standard that deals with the management of records, including their retention. It provides a framework for creating, capturing, and managing records of any format or structure, in all types of business and technological environments, over time.This standard emphasizes the importance of records management for organizational efficiency and accountability, and it outlines the principles and practices to ensure that records are properly maintained and retained according to legal, regulatory, and operational requirements12.

ISO 15489-1:2016 Information and documentation --- Records management --- Part 1: Concepts and principles1.

ISO committee website for ISO 15489 Records management2.

Answer : B

SABSA (Sherwood Applied Business Security Architecture) is a framework and methodology specifically designed for Enterprise Security Architecture and Service Management. It provides a layered approach to security architecture, ensuring that security is aligned with business goals and is driven by risk management principles.SABSA's methodology integrates with business and IT management processes, focusing on the design, delivery, and support of security services within the enterprise environment1.

TOGAF (The Open Group Architecture Framework) is also used in the context of enterprise architecture but is not solely focused on security.It provides a comprehensive approach to the design, planning, implementation, and governance of an enterprise information architecture2.

PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment2.

OWASP (Open Web Application Security Project) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security2.

Answer : D

Developers should undergo Awareness Training to understand the security of the code they have written and how it can improve security defense while being attacked. This type of training educates developers on the importance of security considerations throughout the software development lifecycle (SDLC). It covers best practices for secure coding, common vulnerabilities and how to avoid them, and the impact of code security on the overall security posture of an application. By being aware of security principles and the potential threats, developers can write more secure code, which is crucial for defending against attacks.

Answer : D

The ISO/IEC 27000 series, particularly ISO/IEC 27001, provides a framework for information security management systems (ISMS) that helps organizations secure their information assets. This series covers various aspects of information security, including the protection of organizational records and data protection & privacy, which are legal compliance requirements in many jurisdictions. Intellectual Property Rights (IPR) are also considered within the scope of information security as they pertain to the protection of proprietary information and assets. Forensic recovery of data and data deduplication are technical and operational considerations but are not directly addressed as compliance legal requirements within the ISO/IEC 27000 series.

Answer : D

Quantitative risk assessment is the process of objectively measuring risk by assigning numerical values to the probability of an event occurring and its potential impact. This method is most likely to provide objective support for a security Return on Investment (ROI) case because it allows for the calculation of potential losses in monetary terms, which can be directly compared to the cost of implementing security measures. By quantifying risks and their financial implications, organizations can make informed decisions about where to allocate resources and how to prioritize security investments to maximize ROI. This approach is particularly useful when making a business case to stakeholders who require clear, financial justification for security expenditures.

Answer : B

The global pandemic has accelerated the trend of remote work, which inherently increases the risk of information security breaches due to insecure premises (A) and the need for additional tools like VPNs . There's also a higher likelihood of attackers exploiting vulnerabilities during such operational changes (D). However, the need for additional physical security at data centres and corporate headquarters (B) is less likely to be a direct result of a pandemic since the focus shifts to remote work and digital security rather than physical premises that are less occupied.

Answer : B

Digital signatures are a form of electronic signature that uses cryptographic techniques to provide secure and verifiable means of signing electronic documents. They are widely recognized and accepted as legally binding in many jurisdictions around the world. The enforceability of digital signatures is backed by various laws and regulations that recognize electronic signatures as equivalent to handwritten signatures, provided they meet certain criteria for authenticity and integrity.For instance, in the United States, the ESIGN Act establishes the legal validity of electronic signatures, including digital signatures1.Similarly, the eIDAS regulation in the European Union provides a legal framework for electronic signatures and trust services, including digital signatures2.