Question 1
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?
Question 2
An employee has worked on the organizational risk assessment. The goal of the assessment is not to bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?
Question 3
A security architect argues with the internal fire prevention team about the statement in the information security policy that doors to confidential areas should be locked at all times. The emergency response team wants access to those areas in case of fire.
What is the best solution to this dilemma?
Question 4
A security manager for a large company has the task of achieving physical protection for corporate data stores.
Through which control can physical protection be achieved?
Question 5
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?