Questions for the ISFS were updated on : Nov 21 ,2025
What action is an unintentional human threat?
D
Three characteristics determine the reliability of information. Which characteristics are these?
B
You are the owner of the courier company SpeeDelivery. You have carried out a risk analysis and
now want to determine your risk strategy. You decide to take measures for the large risks but not
for the small risks. What is this risk strategy called?
C
You have an office that designs corporate logos. You have been working on a draft for a large
client. Just as you are going to press the <save> button, the screen goes blank. The hard disk is
damaged and cannot be repaired. You find an early version of the design in your mail folder and
you reproduce the draft for the customer. What is such a measure called?
A
A company moves into a new building. A few weeks after the move, a visitor appears unannounced
in the office of the director. An investigation shows that visitors passes grant the same access as the
passes of the companys staff. Which kind of security measure could have prevented this?
A
The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following
measures to assure information security:
- The security requirements for the network are specified.
- A test environment is set up for the purpose of testing reports coming from the database.
- The various employee functions are assigned corresponding access rights.
- RFID access passes are introduced for the building.
Which one of these measures is not a technical measure?
D
What is the goal of an organization's security policy?
A
What is the best description of a risk analysis?
B
Which one of the threats listed below can occur as a result of the absence of a physical measure?
B
At Midwest Insurance, all information is classified. What is the goal of this classification of
information?
C
You own a small company in a remote industrial are
A
A Dutch company requests to be listed on the American Stock Exchange. Which legislation within
the scope of information security is relevant in this case?
C
You are the first to arrive at work in the morning and notice that the CD ROM on which you saved
contracts yesterday has disappeared. You were the last to leave yesterday. When should you
report this information security incident?
A
Which is a legislative or regulatory act related to information security that can be imposed upon
all organizations?
D
You read in the newspapers that the ex-employee of a large company systematically deleted files
out of revenge on his manager. Recovering these files caused great losses in time and money.
What is this kind of threat called?
A