信息安全管理体系(Information Security Management System,ISMS)的内部审核和管理审核是两项重要的管理活动,关于这两者,下面描述错误的是()。A、内部审核和管理评审都很重要,都是促进ISMS持续改进的重要动力,也都应当按照一定的周期实施B、内部审核的实施方式多采用文件审核和现场审核的形式,而管理评审的实施方式多采用召开管理评审会议的形式进行C、内部审核的实施主体由组织内部的ISMS内审小组,而管理评审的实施主体是由国家政策指定的第三方技术服务机构D、组织的信息安全方针、信息安全目标和有关ISMS文件等,在内部审核中作为审核准使用,但在管理评审中,这些文件是被审对象
信息安全管理体系(Information Security Management System,ISMS)的内部审核和管理审核是两项重要的管理活动,关于这两者,下面描述错误的是()。
- A、内部审核和管理评审都很重要,都是促进ISMS持续改进的重要动力,也都应当按照一定的周期实施
- B、内部审核的实施方式多采用文件审核和现场审核的形式,而管理评审的实施方式多采用召开管理评审会议的形式进行
- C、内部审核的实施主体由组织内部的ISMS内审小组,而管理评审的实施主体是由国家政策指定的第三方技术服务机构
- D、组织的信息安全方针、信息安全目标和有关ISMS文件等,在内部审核中作为审核准使用,但在管理评审中,这些文件是被审对象
相关考题:
网络空间安全的发展历程错误的是() A.通信安全阶段ComSAFE(Communication Safe)B.计算机安全阶段CompSEC(Computer Security)C.信息技术安全阶段ITSEC(IT Security)D.通信保密阶段ComSEC(Communication Security)
( )contributes to monitoring and data collection by defining security monitoring and data collection requirements.A.information continuity managementB.information catalogue managementC.information security managementD.information distribution management
The objective of information ( ) includes protection of information and property from theft, corruption,or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.A.concurrencyB.integrityC.consistencyD.security
( )is not included in Information Security Risk Assessment Process.A.Establishing information security risk criteriaB.Identifying the information security risksC.Formulating an information security risk treatment planD.Analysing the information security risk
关于信息安全管理体系(ISMS),下面描述错误的是:()A、信息安全管理体系是组织在整体或特定范围内建立信息安全方针和目标,以及完成这些目标所用方法的体系,包括组织架构,方针,活动,职责以及相关实践要素B、管理体系是为达到组织目标的策略,程序,指南和相关资源框架,信息安全管理体系是管理体系思想和方法在信息安全领域的应用C、概念上,信息安全管理体系有广义和狭义之分,狭义的信息安全管理体系是指安全ISO27001标准定义的管理体系,它是一个组织整体管理体系的组成部分D、同其他管理体系一样,信息安全管理体系也要建立信息安全管理组织机构,健全信息安全管理制度,构建信息安全技术防护体系和加强人员的安全意识等内容
Who should measure the effectiveness of Information System security related controls in an organization?在一个组织内,谁应该衡量信息系统安全相关控制的有效性?()A、The local security specialist本地安全专家B、The systems auditor系统审计师C、The central security manager中心安全经理D、The business manager业务经理
What is the goal of the borderless network architecture?()A、to provide users with A single device that permits access to information anywhereB、to provide users with the same productivity and access to information no matter where are or which device they useC、to eliminate the need for border security and firewallsD、to provide companies with A way to extend their security and control over employees on the internet
What is the goal of the borderless network architecture?()A、to provide users withA single device that permits access to information anywhereB、to provide users with the same productivity and access to information no matter where are or which device they useC、to eliminate the need for border security and firewallsD、to provide companies withA way to extend their security and control over employees on the internet
Which one of the following functions provides the least effective organizational reporting structure for the Information Systems Security function? 以下下列哪项提供了对信息系统安全部门来说是最无效的组织汇报机制?()A、IS quality assurance. IS质量保证B、IS resource management. IS资源管理C、IS operations. IS操作D、Corporate security. 企业安全
信息安全管理体系(information Securlty Management System.简称ISMS)要求建立过程体系,该过程体系是在如下()基础上构建的。A、IATF(Information Assurance Technical Framework)B、P2DR(Policy,Protection,Detection,Response)C、PDCERF(Preparation,Detection,Containment,Eradication,Recovery,Follow-up)D、PDCA(Plan,Do,Check,Act)
S027002(Information technology-Security techniques-Code ofpractice for information securitmanagement)是重要的信息安全管理标准之一,下面是关于其演进变化,括号空白处应填写()。 BS7799→BS7799.1→( )→ISO27002A、BS7799.1.3B、ISO17799C、AS/NZS4630D、NISTSP800-37
Which must bear the primary responsibility for determining the level of protection needed for information systems resources?哪一个角色必须承担决定信息系统资源保护级别的主要责任?()A、IS security specialists IS安全专家B、Senior Management高级管理层C、Senior security analysts高级安全分析师D、systems Auditors系统审计师
下面哪个模型和软件安全开发无关()?A、微软提出的“安全开发生命周期(Security Development Lifecycle,SDL)”B、GrayMcGraw等提出的“使安全成为软件开发必须的部分(Building Security IN,BSI)”C、OWASP维护的“软件保证成熟度模型(Software Assurance Maturity Mode,SAMM)”D、美国提出的“信息安全保障技术框架(Information Assurance Technical Framework,IATF)”
A System p administrator is investigating a possible security breech and wants to review information about failed login attempts to the system. Which of the following commands will show this()A、fwtmp /etc/security/failedloginB、cat /etc/security/failedloginC、whoD、alog -f /etc/security/failedlogin -o
An administrator was asked to log information on possible security breaches on a server. To which file should additional entries be added to capture this information()A、/var/adm/sulogB、/etc/syslog.confC、/etc/security/sysck.cfgD、/etc/security/syslog.conf
The root id is set so that direct login is disabled. Information must be reviewed relating to when root access was obtained. In which of the following files is this information located?()A、 /var/adm/sulog B、 /var/adm/wtmp C、 /etc/security/user D、 /etc/security/failedlogin
A system administrator was asked to log information on possible security breaches on a server. Which file should additional entries be added to capture this information?()A、/var/adm/sulogB、/etc/syslog.confC、/etc/security/sysck.cfgD、/etc/security/login.cfg
单选题An administrator was asked to log information on possible security breaches on a server. To which file should additional entries be added to capture this information()A/var/adm/sulogB/etc/syslog.confC/etc/security/sysck.cfgD/etc/security/syslog.conf
单选题A system administrator was asked to log information on possible security breaches on a server. Which file should additional entries be added to capture this information?()A/var/adm/sulogB/etc/syslog.confC/etc/security/sysck.cfgD/etc/security/login.cfg
单选题Who should measure the effectiveness of Information System security related controls in an organization?在一个组织内,谁应该衡量信息系统安全相关控制的有效性?()AThe local security specialist本地安全专家BThe systems auditor系统审计师CThe central security manager中心安全经理DThe business manager业务经理
单选题ISMS指的是什么?()A信息安全管理B信息系统管理体系C信息系统管理安全D信息安全管理体系