712-50 EC-Council Certified CISO (CCISO) Questions and Answers

Poorly configured firewalls

Malware

Advanced Persistent Threat (APT)

An insider

Network connectivity costs

New datacenter to operate from

Upgrade of mainframe

Purchase of new mobile devices to improve operations

Enterprise Risk Assessment

Disaster recovery strategic plan

Business continuity plan

Application mapping document

In-line hardware keyloggers don’t require physical access

In-line hardware keyloggers don’t comply to industry regulations

In-line hardware keyloggers are undetectable by software

In-line hardware keyloggers are relatively inexpensive

chain of custody.

electronic discovery.

evidence tampering.

electronic review.

security coding

data security system

data classification

privacy protection

Execute

Read

Administrator

Public

Preventive actions

Inspection

Defect repair

Corrective actions

Perform a vulnerability scan of the network

External penetration testing by a qualified third party

Internal Firewall ruleset reviews

Implement network intrusion prevention systems

Penetration testers

External Audit

Internal Audit

Forensic experts

Controlled mitigation effort

Risk impact comparison

Relative likelihood of event

Comparative threat analysis

To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.

To provide a common basis for developing organizational security standards

To provide effective security management practice and to provide confidence in inter-organizational dealings

To established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

Confidentiality, Availability, Integrity

Compliance, Effectiveness, Efficiency

Communication, Reliability, Cost

Confidentiality, Compliance, Cost

Servers, routers, switches, modem

Firewall, exchange, web server, intrusion detection system (IDS)

Firewall, anti-virus console, IDS, syslog

IDS, syslog, router, switches

Provide clear communication of security requirements throughout the organization

Demonstrate executive support with written mandates for security policy adherence

Create collaborative risk management approaches within the organization

Perform increased audits of security processes and procedures

Poor audit support for the security program

A lack of executive presence within the security program

Poor alignment of the security program to business needs

This is normal since business units typically resist security requirements

Glaucoma or cataracts

Two different colored eyes (heterochromia iridium)

Contact lens

Malaria

The DLP Solution was not integrated with mobile device anti-malware

Data classification was not properly performed on the assets

The sensitive data was not encrypted while at rest

A risk assessment was not performed after purchasing the DLP solution

Alignment with the business

Effective use of existing technologies

Leveraging existing implementations

Proper budget management

Knowing who all the stakeholders are.

Knowing the people on the data center team.

Knowing the threats to the organization.

Knowing the milestones and timelines of deliverables.

Failed to identify all stakeholders and their needs

Deployed the encryption solution in an inadequate manner

Used 1024 bit encryption when 256 bit would have sufficed

Used hardware encryption instead of software encryption

it is completed on time or early as compared to the baseline project plan

it meets most of the specifications as outlined in the approved project definition

it comes in at or below the expenditures planned for in the baseline budget

the deliverables are accepted by the key stakeholders

Create a comprehensive security awareness program and provide success metrics to business units

Create security consortiums, such as strategic security planning groups, that include business unit participation

Ensure security implementations include business unit testing and functional validation prior to production rollout

Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role

Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements

Develop a culture in which users, managers and IT professionals all make good decisions about information risk

Provide clear communication of security program support requirements and audit schedules

Create security awareness programs that include clear definition of security program goals and charters

Approving access to critical financial systems

Developing content for security awareness programs

Interviewing candidates for information security specialist positions

Vetting information security policies

Risk Avoidance

Risk Acceptance

Risk Transfer

Risk Mitigation

Reach out to a business similar to yours and ask for their plan

Set goals that are difficult to attain to drive more productivity

Review business acquisitions for the past 3 years

Analyze the broader organizational strategic plan

Safeguard Value

Cost Benefit Analysis

Single Loss Expectancy

Life Cycle Loss Expectancy

The company lacks a risk management process

The company does not believe the security vulnerabilities to be real

The company has a high risk tolerance

The company lacks the tools to perform a vulnerability assessment

all organizational assets

critical business processes and /or revenue streams

intellectual property released into the public domain

against distributed denial of service attacks

Risk management

Security management

Mitigation management

Compliance management

Policies

Procedures

Guidelines

Standards

Control Objective for Information Technology (COBIT)

Committee of Sponsoring Organizations (COSO)

Payment Card Industry (PCI)

Information Technology Infrastructure Library (ITIL)

Well established and defined digital forensics process

Establishing Enterprise-owned Botnets for preemptive attacks

Be able to retaliate under the framework of Active Defense

Collaboration with law enforcement

Secure the area and shut-down the computer until investigators arrive

Secure the area and attempt to maintain power until investigators arrive

Immediately place hard drive and other components in an anti-static bag

Secure the area.

International Organization for Standardizations – 22301 (ISO-22301)

Information Technology Infrastructure Library (ITIL)

Payment Card Industry Data Security Standards (PCI-DSS)

International Organization for Standardizations – 27005 (ISO-27005)

Poses a strong technical background

Understand all regulations affecting the organization

Understand the business goals of the organization

Poses a strong auditing background

Risk Tolerance

Qualitative risk analysis

Risk Appetite

Quantitative risk analysis

Control Objectives for IT (COBIT)

Payment Card Industry-Data Security Standard (PCI-DSS)

International Organization Standard (ISO) 27002

National Institute of Standards and Technology (NIST) SP 800-30

Information security should be informed of changes to applications only

Development team should tell the information security team about any application security flaws

Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production

Information security should be aware of all application changes and work with developers before changes are deployed in production

CISO

Data owner

Chief Information Officer (CIO)

Security system administrator

Security and IT Staff size

Company Values

Budget

All of the above

Inability to export the private certificate/key

It can double as physical identification at the DMV

It has the user’s photograph to help ID them

It can be used as a secure flash drive

RAM and unallocated space

Unallocated space and RAM

Slack space and browser cache

Persistent and volatile data

The asset is more expensive than the remediation

The audit finding is incorrect

The asset being protected is less valuable than the remediation costs

The remediation costs are irrelevant; it must be implemented regardless of cost.

Perform an audit to measure the control formally

Escalate the issue to the IT organization

Perform a risk assessment to measure risk

Establish Key Risk Indicators

Risk averse

Risk tolerant

Risk conditional

Risk minimal

War driving

Operating system attacks

Social engineering

Shrink wrap attack

Session encryption

Removing all stored procedures

Input sanitization

Library control

‘ o 1=1 - -

/../../../../

“DROPTABLE USERNAME”

NOPS

Wireless Application Protocol (WAP)

Wifi Protected Access version 2 (WPA2)

Wireless Equivalence Protocol (WEP)

Extensible Authentication Protocol (EAP)

Threat analysis process

Asset configuration management process

Business Impact Analysis

Disaster Recovery plan

Business Impact Analysis

Economic Impact analysis

Return on Investment

Cost-benefit analysis

Compliance management

Asset management

Risk management

Security management

Vmware, router, switch, firewall, syslog, vulnerability management system (VMS)

Intrusion Detection System (IDS), firewall, switch, syslog

Security Incident Event Management (SIEM), IDS, router, syslog

SIEM, IDS, firewall, VMS

There is integration between IT security and business staffing.

There is a clear definition of the IT security mission and vision.

There is an auditing methodology in place.

The plan requires return on investment for all security projects.

An Information Security audit standard

An audit guideline for certifying secure systems and controls

A framework for Information Technology management and governance

A set of international regulations for Information Technology governance

Risk Management Program.

Anti-Spam controls.

Security Awareness Program.

Identity and Access Management Program.

Purge

Clear

Mangle

Destroy

To force stakeholders to commit ample resources to support the project

To facilitate proper communication regarding outcomes

To assure stakeholders commit to the project start and end dates in writing

To finalize detailed scope of the project at project initiation

Facial recognition scan

Iris scan

Signature kinetics scan

Retinal scan

A complete document of all involved team members and the support they provided

Recovery of all data from affected systems

Lessons learned from the incident, so they can be incorporated into the incident response processes

Clearly defined documents detailing standard evidence collection and preservation processes

Threat analyst, IT auditor, forensic analyst

Network engineer, help desk technician, system administrator

CIO, CFO, CSO

Financial analyst, payroll clerk, HR manager

Controlled spear phishing campaigns

Password changes

Baselining of computer systems

Scanning for viruses