Which types of organisations are likely to be the target of DDoS attacks?
Answer : D
Distributed Denial of Service (DDoS) attacks are a threat to any organization that maintains an online presence. This is because DDoS attacks are designed to overwhelm an organization's network with traffic, rendering it inaccessible to legitimate users. While cloud service providers, financial sector organizations, and online retail companies can be attractive targets due to their high-profile nature and the critical nature of their services, the reality is that any organization with an online presence can be targeted. This includes small businesses, educational institutions, government agencies, and non-profits. The motivation behind such attacks can vary from financial gain, to disruption of service, to political statements. Therefore, it's crucial for all organizations to implement robust security measures to mitigate the risk of DDoS attacks.
Which of the following statutory requirements are likely to be of relevance to all organisations no matter which sector nor geographical location they operate in?
Answer : B
The General Data Protection Regulation (GDPR) is a regulation that applies to all organizations operating within the EU and also to organizations outside of the EU that offer goods or services to, or monitor the behavior of, EU data subjects. It is designed to harmonize data privacy laws across Europe and to protect and empower all EU citizens' data privacy. The GDPR's relevance extends beyond geographical and sector-specific boundaries because it applies to any organization that processes the personal data of individuals within the EU, making it a global standard for data protection.
While other options like Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act (HIPAA) have significant impacts on specific sectors or regions, GDPR's broad scope makes it relevant to a wide range of organizations worldwide. It sets a precedent for data protection laws globally, influencing other regulations and becoming a de facto standard for many companies, even in countries without similar laws.
Which of the following is NOT considered to be a form of computer misuse?
Answer : A
The term 'computer misuse' typically refers to activities that are illegal or unauthorized and involve a computer system. This includes illegal interception of information, illegal access to computer systems, and downloading of pirated software, as these actions are unauthorized and often involve breaching security measures. However, the illegal retention of personal data, while a serious privacy concern and potentially a legal issue, is not typically classified under the scope of 'computer misuse'. Instead, it falls under data protection and privacy regulations, which deal with the proper handling and storage of personal information.
Which standards framework offers a set of IT Service Management best practices to assist organisations in aligning IT service delivery with business goals - including security goals?
Answer : A
ITIL (Information Technology Infrastructure Library) is a widely recognized framework that offers a comprehensive set of best practices for IT Service Management (ITSM). It assists organizations in aligning IT services with business goals, including security objectives. ITIL provides guidance on the entire service lifecycle, from service strategy and design to service transition, operation, and continual service improvement. By following ITIL's structured approach, organizations can enhance the quality of IT services, manage risk effectively, improve customer satisfaction, and ensure that IT and business strategies are in sync.
Which term describes the acknowledgement and acceptance of ownership of actions, decisions, policies and deliverables?
Answer : A
Accountability is the term that describes the acknowledgement and acceptance of ownership of actions, decisions, policies, and deliverables. It implies that an individual or organization is willing to take responsibility for their actions and the outcomes of those actions, and is answerable to the relevant stakeholders. This concept is fundamental in information security management, as it ensures that individuals and teams are aware of their roles and the expectations placed upon them, particularly in relation to the protection of information assets. Accountability cannot be delegated; while tasks can be assigned to others, the ultimate ownership and obligation to report and justify the outcomes remain with the accountable party.
Which standard deals with the implementation of business continuity?
Answer : C
The standard that deals specifically with the implementation of business continuity is ISO 22301, which is internationally recognized. It outlines the requirements for a business continuity management system (BCMS), which provides a framework for organizations to update, control, and deploy an effective BCMS that helps them to be prepared and respond effectively to disruptions. ISO/IEC 27001 is related to information security management systems (ISMS) and while it includes aspects of business continuity, it is not solely focused on it. COBIT is a framework for developing, implementing, monitoring, and improving IT governance and management practices, and BS5750 is a standard for quality management systems, now superseded by ISO 9000 series.
Which of the following statements relating to digital signatures is TRUE?
Answer : B
Digital signatures are a form of electronic signature that uses cryptographic techniques to provide secure and verifiable means of signing electronic documents. They are widely recognized and accepted as legally binding in many jurisdictions around the world. The enforceability of digital signatures is backed by various laws and regulations that recognize electronic signatures as equivalent to handwritten signatures, provided they meet certain criteria for authenticity and integrity.For instance, in the United States, the ESIGN Act establishes the legal validity of electronic signatures, including digital signatures1.Similarly, the eIDAS regulation in the European Union provides a legal framework for electronic signatures and trust services, including digital signatures2.