Home Cybersecurity trainings for SMEs Policies, Standards & Guidelines - Information Security Trainings for SMEs

Cybersecurity trainings for SMEs

0 %

Completed

Course content

Policies, Standards & Guidelines - Information Security Trainings for SMEs

10 XP
Prev Next
Fullscreen Share
Rating
0 0

There are no comments for now.

Join this Course
to be the first to leave a comment.

1. What do we mean when we say the Information Security Policy is the ‘constitution’ for information security in an organization (and an SME)
It is the umbrella leading all low-level policies, guidelines and standards It refers to the national constitution It contains to the most important information security objectives It concerns only the personnel of the SME
2. Which of the following is NOT a main element of an ISP?
Sign off by the top management Frequency of review Scope and validity Audience (who is concerned)
3. Which of the following is NOT a criterion for a Policy, a guideline, a standard?
Exhaustivity Readability Enforceable Specific
4. Which is NOT part of the SMART criteria?
Ambitious Affordable Realistic Acceptable
5. In which policy document can we use the W5H criteria?
Information Security Policy Guidelines Standards Low-level policies
6. A guidance is…
The same as a low-level policy The same as a standard A process that should be followed A reference for information
7. A “low-level policy” is NOT:
A policy for a specific domain the information security A policy for a specific ICT element or component A policy for a specific audience A policy for people at the lowest level of the SME
8. 8. A standard is…
A copy of an extract of an international standard An explanation of acceptable way of doing A detailed policy for a specific ICT component A process/procedure that must be strictly followed
9. Confidentiality policy is a policy in relation with…
Confidentiality of the business processes Personal information and GDPR Confidentiality of a company’s registered fabrication secret It concerns only a limited number of people
10. An SME should review its information security policy documents. Which of the following is NOT relevant?
At any important changes, regularly Every six months When the top management feels it necessary After an incident