Both are standards that refer to ISO 27000, where terms and definitions are given.
Availability
Backup of information: When information is deleted or corrupted for some reason, it is no
longer available to the organization. The backup enables the availability of the
information.
Integrity
Anti-virus software: A virus is software that can corrupt the information by modifying it.
Installing anti-virus programs protects the integrity of the information.
Confidentiality
Safe box: Locking paper-based documents in a safe box protects the confidentiality of
the information in the document.
Defined:
1. Information is an asset which has value to the organization and needs to be protected.
2. Information can take various forms and be stored on different media (such as digital or paper).
3. Information security is ensuring the confidentiality, integrity and availability of information.
Confidentiality: assurance of data privacy, which allows authorized persons to access the
information.
Integrity: assurance that only authorized persons will be able to modify the data, meaning
protecting the accuracy and completeness of the information.
Availability: assurance of timely and reliable access to data and services for authorized
users.
Example:
Confidentiality
Integrity
Availability
Choose which of the following activities are part of the Plan phase:
1. Identify information security risks Correct!
2. Conduct internal audit Incorrect! The internal audit is an activity from the Check phase.
3. Based on the results from the risk assessment, choose controls and document a
Statement of applicability Correct!
4. Document the Information Security Policy Correct!
5. Implement improvements Incorrect! The improvement initiatives are part of the Act phase.
Module 1 - Introduction to ISO 27001
Practice exam
Information security and IT security refer to the same thing:
1. True Incorrect! Information security is wider than IT security, and includes protection of
different kinds of information, not just information stored and transmitted over IT networks.
2. False Correct!
An Information Security Management System is a systematic approach for managing and protecting
a company's information.
1. True Correct!
2. False Incorrect! ISMS is a framework for systematic mitigation of security risks related to the
information.